Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade.
Follow Dark Reading:
 July 02, 2024
LATEST SECURITY NEWS & COMMENTARY
Apple CocoaPods Bugs Expose Millions of Apps to Code Injection
Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade.
Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw
Although not yet exploited in the wild, the max-critical authentication bypass bug could allow adversaries to take over unpatched Juniper Session Smart Routers and Conductors, and WAN Assurance Routers, the company warns.
'RegreSSHion' Bug Threatens Takeover of Millions of Linux Systems
The high-severity CVE-2024-6387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root.
Prudential Data Breach Victim Count Soars to 2.5M
The company seemingly underestimated the severity of the breach after originally providing a head count of roughly 36,000 impacted individuals.
Multi-Malware 'Cluster Bomb' Campaign Drops Widespread Cyber Havoc
"Unfurling Hemlock" has deployed malware on tens of thousands of systems worldwide by nesting multiple malicious files inside other malicious files.
Thinking About Security, Fast & Slow
To be effective, managing risk demands both fast responses and strategic thinking.
Google Opens $250K Bug Bounty Contest for VM Hypervisor
If security researchers can execute a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor, Google will make it worth their while.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
CISA Flags Memory-Unsafe Code in Major Open Source Projects
Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to codebases anytime soon.

CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.

Unfounded Fears: AI Extinction-Level Threats & the AI Arms Race
There is an extreme lack of evidence of AI-related danger, and proposing or implementing limits on technological advancement isn't the answer.

Hundreds of Thousands Impacted in Children's Hospital Cyberattack
Though the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk.

MORE
PRODUCTS & RELEASES
The Mount Kisco Surgery Center LLC d/b/a The Ambulatory Surgery Center of Westchester - Notice of Data Security Incident
Cybersecurity Veteran Kevin Mandia Named General Partner of Ballistic Ventures
Landmark Admin, LLC Provides Notice of Data Privacy Incident
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
Dark Reading Confidential: Meet the Ransomware Negotiators
Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."
LATEST FROM THE EDGE

Name That Edge Toon: Cyber Cloudburst
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Apple's AI Moves Will Impact Future Chip, Cloud Security Plans
Analysts say Apple's black-box approach provides a blueprint for rival chip makers and cloud providers.
LATEST FROM DR GLOBAL

Papua New Guinea Sets High Bar in Data Security
The small island nation's new data protection and governance policy reflects a forward-thinking cybersecurity strategy.
WEBINARS
  • Enhance Cloud Security with Cloud-Native Security

    In this webinar, learn how your current cloud security measures may be falling short as you shift to cloud-native, and what new tools and processes you will need to put in place to stay ahead of attackers.

  • Smart Service Management

    Attend this webinar to get real-life examples of how teams are expediting response time, decreasing team drain, and increasing self-service adoption.
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us