78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.
Follow Dark Reading:
 February 16, 2023
LATEST SECURITY NEWS & COMMENTARY
9 New Microsoft Bugs to Patch Now
78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.
OT Network Security Myths Busted in a Pair of Hacks
How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.
ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally
Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.
Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways
It's not just Internet-accessible hosts that are vulnerable, researchers say.
Reddit Hack Shows Limits of MFA, Strengths of Security Training
A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.
NIST's New Crypto Standard a Step Forward in IoT Security
The National Institute of Standards and Technology has settled on a standard for encrypting Internet of Things (IoT) communications, but many devices remain vulnerable and unpatched.
Dark Web Revenue Down Dramatically After Hydra's Demise
Competitor markets working to replace Hydra's money-laundering services for cybercriminals.
NewsPenguin Goes Phishing for Maritime & Military Secrets
A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.
Russian Hackers Disrupt NATO Earthquake Relief Operations
Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more.
Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together
Bridging the divide between developers and security can create a culture change organically.
How Security Teams Can Protect Employees Beyond Corporate Walls
De-shaming security mistakes and taking the blame and punishment out of incident reporting can strengthen security efforts both inside and outside of the workplace.
Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity
High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
What Happened to #OpRussia?
The cyberwar to attack Russia has never really stopped, despite a decreasing interest from the West.

Why SecDataOps Is the Future of Your Security Program
The goal: Ensure that data is always finely curated and accessible, and that security decisions get made with high-fidelity data.

Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.

MORE
EDITORS' CHOICE
7 Critical Cloud Threats Facing the Enterprise in 2023
From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon.
LATEST FROM THE EDGE

What CISOs Can Do About Brand Impersonation Scam Sites
Apply these nine tips to proactively fight fraudulent websites that use your brand to rip people off.
LATEST FROM DR TECHNOLOGY

Descope Handles Authentication So Developers Don't Have To
Developers don't have to build authentication and user management from scratch, and can devote their energies to the core functions of the application, instead.
WEBINARS
  • Shoring Up the Software Supply Chain Across Enterprise Applications

    Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ...

  • The Ransomware Evolution: Protecting Against Professionalized Cybercriminal Operations

    Ransomware gangs are highly professional operations, with teams dedicated for customer service, help-desk, software development, distribution, and even marketing. There are marketplaces where attackers can easily pick up ransomware and attack infrastructure. Does your organization understand what kind of cybercriminal ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit
Report Reveals Record-Breaking Year for Cyber Threats
Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future
5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant
Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions
Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware
MORE PRODUCTS & RELEASES
CURRENT ISSUE

The Promise and Reality of Cloud Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us