Dark Reading Daily -- November 06, 2023

Follow Dark Reading:

November 06, 2023

LATEST SECURITY NEWS & COMMENTARY

Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed

In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.

Okta Customer Support Breach Exposed Data on 134 Companies

1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says.

Ace Hardware Still Reeling From Weeklong Cyberattack

Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.

'KandyKorn' macOS Malware Lures Crypto Engineers

Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.

Somebody Just Killed the Mozi Botnet

The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear.

Ransomware Readiness Assessments: One Size Doesn't Fit All

Tailored ransomware readiness assessments help organizations develop comprehensive response plans that minimize damage and restore operations quickly.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Okta Data Compromised Through Third-Party Vendor After 1Password, MGM, and Caesars, yet more cybersecurity woes mount for the identity and access management company. Threat Prevention Begins With IT & Security Team Collaboration As cyber threats evolve, so does the shared responsibility mindset that calls for IT and security to work in tandem. 'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet The government-backed APT's new malware framework represents a step up in Iran's cyber sophistication. Middle East Advances in Generative AI Hold Promise Gulf countries are heavily invested in GenAI, but security is still a concern. MORE

EDITORS' CHOICE

Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware

More than 3,000 systems are exposed and vulnerable to attack on the Internet.

LATEST FROM THE EDGE

To Improve Cyber Defenses, Practice for Disaster

Trained teams can implement and test security measures and protocols to prevent and mitigate cyber breaches.

LATEST FROM DR TECHNOLOGY

New Index Finds AI Models Are Murky, Not Transparent At All

Despite the growing demand for AI transparency, 10 of the better-known models did not score very highly on Stanford's new Foundation Model Transparency Index.

LATEST FROM DR GLOBAL

Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons

Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.

WEBINARS

Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ...
Building an Effective Active Directory Security Strategy
For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ...

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...
Everything You Need to Know About DNS Attacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear

ReasonLabs Unveils RAV VPN for Apple iOS

Proofpoint Signs Definitive Agreement to Acquire Tessian

Graylog Secures $39 Million Investment to Accelerate Growth and Security Product Line Expansion

MORE PRODUCTS & RELEASES

CURRENT ISSUE

Tips for a Streamlined Transition to Zero Trust
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Tips for a Streamlined Transition to Zero Trust