 November 09, 2023
LATEST SECURITY NEWS & COMMENTARY
Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable
Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchet up risk to enterprises, now reflected in the bug's revised CVSS score of 10.
CVSS 4.0 Offers Significantly More Patching Context
The latest vulnerability severity scoring system addresses gaps in the previous version; here's how to get the most out of it.
Ransomware Mastermind Uncovered After Oversharing on Dark Web
Meet "farnetwork," one of the most prolific RaaS operators around, who spilled too many details during an affiliate "job interview."
Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes
A premier Russian APT used living-off-the-land techniques in a major OT hit, raising tough questions about whether or not we can defend against the attack vector.
Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
Marina Bay Sands Becomes Latest Hospitality Cyber Victim
Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment.
Novel Google Cloud RAT Uses Calendar Events for C2
Cybercriminals are abusing legitimate functions within cloud services, and providers can't totally stop them, especially when it comes to innovative approaches like this.
Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed
In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.
Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware
More than 3,000 systems are exposed and vulnerable to attack on the Internet.
Okta Customer Support Breach Exposed Data on 134 Companies
1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says.
CISOs Beware: SEC's SolarWinds Action Shows They're Scapegoating Us
In a rapidly evolving cybersecurity landscape, CISOs must take proactive measures to safeguard their careers and mitigate risks associated with their roles.
Meet Your New Cybersecurity Auditor: Your Insurer
As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses.
MGM and Caesars Attacks Highlight Social Engineering Risks
Relying on passwords to secure user accounts is a gamble that never pays off.
Crafting an AI Policy That Safeguards Data Without Stifling Productivity
Companies must recognize AI's utility, while setting clear boundaries to curtail unsafe utilization.
Identity Alone Won't Save Us: The TSA Paradigm and MGM's Hack
To combat sophisticated threats, we need to improve how we approach authorization and access controls.
Ransomware Readiness Assessments: One Size Doesn't Fit All
Tailored ransomware readiness assessments help organizations develop comprehensive response plans that minimize damage and restore operations quickly.
HOT TOPICS
Threat Prevention Begins With IT & Security Team Collaboration
As cyber threats evolve, so does the shared responsibility mindset that calls for IT and security to work in tandem.

3 Ways to Close the Cybersecurity Skills Gap — Now
The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training.

Middle East's 5G Acceleration May Pose Serious Security Issues
Telcos across the Middle East are rapidly rolling out 5G networks. Will this accelerated adoption lead to higher security vulnerabilities?

EDITORS' CHOICE
Ace Hardware Still Reeling From Weeklong Cyberattack
Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.
LATEST FROM THE EDGE

Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule
Mandiant/Google Cloud's Jill C. Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with the new rule.
LATEST FROM DR TECHNOLOGY

Software Complexity Bedevils Mainframe Security
The high-performance and resilient platforms satisfy critical roles, but software complexity and the graying of the specialist workforce are creating security challenges.
LATEST FROM DR GLOBAL

Saudi Aramco CEO Warns of New Threat of Generative AI
Oil executive Amin H. Nasser calls for global cooperation and international standards to combat the dark side of artificial intelligence.
WEBINARS
  • How to Combat the Latest Cloud Security Threats

    More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications ...

  • Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods

    Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs, and tokens are all more vulnerable to attacks and social engineering than you realize. And one wrong move leaves you and your organization ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA