 August 06, 2024
LATEST SECURITY NEWS & COMMENTARY
Critical Apache OFBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide avenue into enterprise applications for cyberattackers.
Sophisticated Android Spyware Targets Users in Russia
Researchers say "LianSpy" malware has been in use in a covert data gathering operation that's gone undetected for at least three years.
20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers
In the cloud, patches disseminate automatically. On your computer, you get notified. IoT devices, meanwhile, can escape attention for years on end.
China's Evasive Panda Attacks ISP to Send Malicious Software Updates
The APT used DNS poisoning to install the Macma backdoor on targeted networks and then deliver malware to steal data via post-exploitation activity.
Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware
The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation and tempting them with a purported good deal on an Audi Q7 Quattro SUV.
FTC Slams TikTok With Lawsuit After Continued COPPA Violations
Though TikTok is expected to adhere to certain COPPA-outlined measures, the social media giant has failed to meet those expectations, the Feds allege.
Protect Data Differently for a Different World
Adopting a military mindset toward cybersecurity means the industry moves beyond the current network protection strategies and toward a data-centric security approach.
How Regional Regulations Shape Global Cybersecurity Culture
Ultimately, a more cyber-secure world requires a global governing body to regulate and campaign for cybersecurity, with consistent regulatory requirements in the various regions around the world.
HOT TOPICS
Attacks on Bytecode Interpreters Conceal Malicious Injection Activity
By injecting malicious bytecode into interpreters for VBScript, Python, and Lua, researchers found they can circumvent malicious code detection.

Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day
A simple toggle in Proofpoint's email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?

Implementing Identity Continuity With the NIST Cybersecurity Framework
Having a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.

Is the US Federal Government Increasing Cyber-Risk Through Monoculture?
In a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services.

EDITORS' CHOICE
Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand
The runaway success of an upstart ransomware outfit called "Dark Angels" may well influence the cyberattack landscape for years to come.
LATEST FROM THE EDGE

Name That Edge Toon: Pointing Fingers
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Startup Spotlight: LeakSignal Helps Plug Leaky Data in Organizations
Cybersecurity startup LeakSignal, a finalist in this year's Black Hat USA Startup Spotlight competition, helps organizations see where data is leaking within their environments.
LATEST FROM DR GLOBAL

China's APT41 Targets Taiwan Research Institute for Cyber Espionage
The state-sponsored Chinese threat actor gained access to three systems and stole at least some research data around computing and related technologies.
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA