In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
| | | LATEST SECURITY NEWS & COMMENTARY | | As Citrix Urges Its Clients to Patch, Researchers Release an Exploit In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide. 'Log in with...' Feature Allows Full Online Account Takeover for Millions Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems. Virtual Alarm: VMware Issues Major Security Advisory VMware vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins. 1Password Becomes Latest Victim of Okta Customer Service Breach Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements. Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover SolarWinds' access controls contain five high-severity and three critical-severity security vulnerabilities that need to be patched yesterday. Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend — but it turns out the malicious implants were just hiding. Cisco Finds New Zero-Day Bug, Pledges Patches in Days A patch for the max-severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat. Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet Thousands of devices, including D-Link and Zyxel gear, remain vulnerable to takeover despite the availability of patches for the several bugs being exploited by IZ1H9 campaign. Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid To make cybersecurity an organizationwide priority, CISOs must avoid these common input, empathy, and alignment obstacles. Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors. The Need for a Cybersecurity-Centric Business Culture Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message. MORE NEWS / MORE COMMENTARY | | |
|
| | | FEATURED REPORTS | | What Ransomware Groups Look for in Enterprise Victims Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... How to Use Threat Intelligence to Mitigate Third-Party Risk The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware | | View More Dark Reading Reports >> |
|
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
