The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product.
Follow Dark Reading:
 December 01, 2022
LATEST SECURITY NEWS & COMMENTARY
Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw
The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product.
Killnet Gloats About DDoS Attacks Downing Starlink, White House
Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.
New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days
Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate.
Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign
More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.
For Gaming Companies, Cybersecurity Has Become a Major Value Proposition
New users and monetization methods are increasingly profitable for gaming industry, but many companies find they have to stem growth in cheats, hacks, and other fraud to keep customers loyal.
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware.
Cybersecurity Consolidation Continues, Even as Valuations Stall
Financing and acquisitions are trending toward smaller deals, which means fewer high-valuation purchases and funding, but likely fewer post-merger layoffs as well.
Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign
The ransomware group is using Qakbot to make the initial point of entry before moving laterally within an organization’s network.
Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE
Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.
Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.
Bring Your Own Key — A Placebo?
BYOK was envisioned to reduce the risk of using a cloud service provider processing sensitive data, yet there are several deficiencies.
CISA's Strategic Plan Is Ushering in a New Cybersecurity Era
Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience.
The Evolution of Business Email Compromise
The simplicity and profitability of these attacks continue to appeal to threat actors a decade later.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Name That Toon: Fall Cleanup
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Where Are We Heading With Data Privacy Regulations?
New laws have made the current US privacy landscape increasingly complex.

How Banks Can Upgrade Security Without Affecting Client Service
New protective measures work behind the scenes, with little impact on the customer experience.

MORE
EDITORS' CHOICE
Time to Get Kids Hacking: Our 2022 Holiday Gift Guide
Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.
LATEST FROM THE EDGE

Why Africa's Telecoms Must Actively Collaborate to Combat Fraud
Unique conditions contribute to outsized telecom fraud across the continent, but working together can bring solutions.
LATEST FROM DR TECHNOLOGY

How Development Teams Should Respond to Text4Shell
Yet another *4Shell exploit highlights the horror of strange visitors into enterprise environments. This Tech Tip focuses on what to do next.
WEBINARS
  • Security Considerations for Working with Cloud Services Providers

    With so many workloads in the could these days, enterprises are working with one or more of the major cloud services providers. How you can be ensured that these providers are handling data securely? What is the plan if there ...

  • Cloud Security Essentials

    The pandemic accelerated cloud technology adoption to better support and streamline remote workers, but going to the cloud is not just a set-it-and-forget-it strategy for security. The potential attack surface actually expands with the cloud, and without the proper controls ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
CyberRatings.org Revives NSS Labs Research
Delinea Introduces Granular Privileged Access Controls on Servers
Identity Digital Releases Its First DNS Anti-Abuse Report
Nok Nok and UberEther Partner to Deliver Phishing-Resistant MFA FedRAMP-Certified IAM Solutions
Cybersecurity and ESG Among Top Areas of Concern for Audit Leaders in 2023
9 Out of 10 Security Leaders State That Control Failures Are the Primary Reason For Data Breaches
NanoLock Brings Built-In Meter-Level Cybersecurity to Renesas Customers
CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8%
KnowBe4 Launches New Mobile Learner App for Cybersecurity Learning
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Creating an Effective Incident Response Plan
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us