Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.
Follow Dark Reading:
 October 06, 2023
LATEST SECURITY NEWS & COMMENTARY
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit
Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.
Legions of Critical Infrastructure Devices Subject to Cyber Targeting
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.
Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid
A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.
Stealthy, Thieving Python Packages Slither Onto Windows Systems
A campaign that's been active since April has already racked up nearly 75,000 downloads, stealing data and cryptocurrency in the process.
'Operation Jacana' Reveals DinodasRAT Custom Backdoor
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.
Critical 'ShellTorch' Flaws Light Up Open Source AI Users, Like Google
The vulnerabilities exist in the widely used TorchServe framework, used by Amazon, Google, Walmart, and many other heavy hitters.
Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations
The malware uses software to evade detection while also making it difficult to analyze.
Could Cybersecurity Breaches Become Harmless in the Future?
With these five steps, organizations can develop stronger security practices and make the inevitable breaches inconsequential.
(Sponsored Article) The Silent Threat of APIs: What the New Data Reveals About Unknown Risk
The rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy
It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.

How to Measure Patching and Remediation Performance
Tracking metrics like MTTR, MTTD, MTTP, and MTTC can demonstrate the effectiveness of your patch management process and your value to the business.

Breaches Are the Cost of Doing Business, but NIST Is Here to Help
Treating the NIST Cybersecurity Framework as a business requirement is a strong step toward preventing breaches.

MORE
EDITORS' CHOICE
'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover
The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.
LATEST FROM THE EDGE

Name That Edge Toon: Office Artifacts
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Quash EDR/XDR Exploits With These Countermeasures
With tools and hacker groups constantly evading defenses, expanding cybersecurity beyond endpoint security becomes crucial.
LATEST FROM DR GLOBAL

Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack
The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.
WEBINARS
  • The Enterprise View to Cloud Security

    Today's enterprises may have dozens and dozens of cloud applications and services running in their environment. Enterprises need to coordinate security, manage privileges and access, and handle incident response - the service provider will do only so much. In this ...

  • Using AI in Application Security Tooling

    As AI continues to improve, security vendors are considering how they can use AI to protect applications. In web application and API security tooling used to protect production environments, AI/ML can be used to enhance and complement existing tactics ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Nokia Selected by Brazil's K2 Telecom As Partner to Strengthen its Security and Create Revenue Streams
Trend Micro Drives Latest Phase of Channel Prosperity and Engagement
New Malwarebytes Survey: Consumers Lack Trust in New Tech
ForAllSecure Announces First Dynamic Software Bill of Materials for Application Security
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us