Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10.
| | | LATEST SECURITY NEWS & COMMENTARY | | Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10. CVSS 4.0 Offers Significantly More Patching Context The latest vulnerability severity scoring system addresses gaps in the previous version; here's how to get the most out of it. Ransomware Mastermind Uncovered After Oversharing on Dark Web Meet "farnetwork," one of the most prolific RaaS operators around, who spilled too many details during an affiliate "job interview." Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes A premier Russian APT used living-off-the-land techniques in a major OT hit, raising tough questions about whether or not we can defend against the attack vector. Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials. Marina Bay Sands Becomes Latest Hospitality Cyber Victim Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment. Novel Google Cloud RAT Uses Calendar Events for C2 Cybercriminals are abusing legitimate functions within cloud services, and providers can't totally stop them, especially when it comes to innovative approaches like this. Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518. Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware More than 3,000 systems are exposed and vulnerable to attack on the Internet. Okta Customer Support Breach Exposed Data on 134 Companies 1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says. CISOs Beware: SEC's SolarWinds Action Shows They're Scapegoating Us In a rapidly evolving cybersecurity landscape, CISOs must take proactive measures to safeguard their careers and mitigate risks associated with their roles. Meet Your New Cybersecurity Auditor: Your Insurer As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses. MGM and Caesars Attacks Highlight Social Engineering Risks Relying on passwords to secure user accounts is a gamble that never pays off. Crafting an AI Policy That Safeguards Data Without Stifling Productivity Companies must recognize AI's utility, while setting clear boundaries to curtail unsafe utilization. Identity Alone Won't Save Us: The TSA Paradigm and MGM's Hack To combat sophisticated threats, we need to improve how we approach authorization and access controls. Ransomware Readiness Assessments: One Size Doesn't Fit All Tailored ransomware readiness assessments help organizations develop comprehensive response plans that minimize damage and restore operations quickly. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
