Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps
Follow Dark Reading:
 January 18, 2024
LATEST SECURITY NEWS & COMMENTARY
CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack
Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps.
Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE
Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments.
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet
Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.
Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities
Patches will be available in late January and February, but until then, customers must take mitigation measures.
SEC X Account Hack Draws Senate Outrage
Senators from both parties called the Securities and Exchange Commission's lack of MFA "inexcusable" and demand investigation into the regulator's cybersecurity lapse.
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use.
CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog
It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions
Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies.
Africa, Middle East Lead Peers in Cybersecurity, but Lag Globally
Both regions score above average compared to similar sized economies, but investing in updated technologies and patching processes would help cyber resilience globally.
Name That Toon: Cast Adrift
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Your Cybersecurity Budget Is a Horse's Rear End
Are historical budget constraints limiting your cybersecurity program? Don't let old saws hold you back. It's time to revisit your budget with revolutionary future needs front of mind.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Anti-Ransomware Coalition Bound to Fail Without Key Adjustments
International pledge to reject ransomware demands misses the most important way to combat cybercrime: prevention.

Strength in Numbers: The Case for Whole-of-State Cybersecurity
WoS cybersecurity creates a united front for governments to defend against threat actors, harden security postures, and protect constituents who depend on services.

Hospitals Must Treat Patient Data and Health With Equal Care
All companies are under the data privacy compliance gun — but healthcare companies have a target on their backs.

MORE
PRODUCTS & RELEASES
EDITORS' CHOICE
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection
The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies.
LATEST FROM THE EDGE

Lock Down the Software Supply Chain With 'Secure by Design'
As zero days and complex networks create gaps for cyberattacks, software developers and agencies such as CISA look to secure by design for building in defenses.
Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security
Companies that quickly shifted to cloud-native operations are looking for greater visibility and protection — and AI benefits — while an uncertain economic future has venture capitalists looking toward safety.
LATEST FROM DR GLOBAL

Hyundai MEA X Account Hacked, Followed by Crypto Promotion
Attackers hit more X accounts to promote Overworld Bitcoin registration.
WEBINARS
WHITE PAPERS
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.