Dark Reading Daily -- August 28, 2024

So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability database.

LATEST SECURITY NEWS & COMMENTARY

China's Volt Typhoon Exploits Zero-Day in Versa's SD-WAN Director Servers

So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability database.

Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks

The ShinyHunters attackers are skipping selling stolen data on hacker forums in favor of using deadline-driven ransom notes for financial gain.

Hundreds of LLM Servers Expose Corporate, Health & Other Online Data

LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering.

Microsoft's Sway Serves as Launchpad for 'Quishing' Campaign

The attack is a mashup of QR codes and phishing that gets users to click on links to malicious webpages.

PoC Exploit for Zero-Click Vulnerability Made Available to the Masses

The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.

Why Every Business Should Prioritize Confidential Computing

Confidential computing safeguards data in use, making it a crucial component of cloud security.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts Such cyberattack enablement services let attackers breach security measures, establish new fake accounts, and brute-force servers. Patch Now: Second SolarWinds Critical Bug in Web Help Desk The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software. Assume Breach When Building AI Apps AI jailbreaks are not vulnerabilities; they are expected behavior. Aggressively Monitoring for Changes Is a Key Aspect of Cybersecurity Employees and management must fully support change detection and file integrity monitoring, allowing a proactive approach with definitive security controls to be implemented against threat actors. MORE

PRODUCTS & RELEASES

77% of Educational Institutions Spotted a Cyberattack Within the Last 12 Months

Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group

New ISAGCA Report Explores Zero-Trust Outcomes in OT Cybersecurity

Malicious Links, AI-Enabled Tools, and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs

A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.

LATEST FROM THE EDGE

White House Pledges $10 Million for Open Source Initiative

The Open-Source Software Prevalence Initiative, announced at DEF CON, will examine how open source software is used in critical infrastructure.

LATEST FROM DR TECHNOLOGY

DARPA Announces AI Cyber Challenge Finalists

Teams designed AI systems to secure open source infrastructure software to be used in industries like financial services, utilities, and healthcare. Each finalist was awarded a $2 million prize.

LATEST FROM DR GLOBAL

Zimbabwe Trains Government Officials in Cybersecurity Skills

African nation's proactive approach to cybersecurity comes amid a rise in painful cyberattacks, including the breach of a major bank.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>