Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Other EDR products potentially are affected as well.
Follow Dark Reading:
 December 08, 2022
LATEST SECURITY NEWS & COMMENTARY
For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers
Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Other EDR products potentially are affected as well.
Hacker Fails for the Win
Security researchers share their biggest initial screwups in some of their key vulnerability discoveries.
Infostealer Malware Market Booms, as MFA Fatigue Sets In
The successful combo of stolen credentials and social engineering to breach networks is increasing demand for infostealers on the Dark Web.
Machine Learning Models: A Dangerous New Attack Vector
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
Shift to Memory-Safe Languages Gains Momentum
Software firms and the National Security Agency urge developers to move to memory-safe programming languages to eliminate a major source of high-severity flaws.
Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices
The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.
Where Advanced Cyberattackers Are Heading Next: Disruptive Hits, New Tech
Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say.
Android Serves Up a Slew of Security Updates, 4 Critical
Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.
Hive Social Buzzing With Security Flaws, Analysts Warn
Twitter alternative Hive Social took down its servers after researchers discovered several critical vulnerabilities.
The Privacy War Is Coming
Privacy standards are only going to increase. It's time for organizations to get ahead of the coming reckoning.
Data Security Concerns Are Driving Changes in US Consumer Behavior and Demands
As consumers catch on to the dangers, protection could become a major topic for legislative bodies.
Will New CISA Guidelines Help Bolster Cyber Defenses?
Learn how BOD 23-01 asset inventory mandates can help all organizations tighten cybersecurity.
A Risky Business: Choosing the Right Methodology
Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization's aims, and then translate the risk level to its impact on operations, reputation, or finances.
Applying the OODA Loop to Cybersecurity and Secure Access Service Edge
Organizations can best defend themselves on the cyber battlefield by adopting a military-style defense.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Time to Get Kids Hacking: Our 2022 Holiday Gift Guide
Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.

3 xIoT Attacks Companies Aren't Prepared For
A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.

What Will It Take to Secure Critical Infrastructure?
There's no quick fix after decades of underinvestment, but the process has started. Cybersecurity grants, mandatory reporting protocols, and beefed-up authentication requirements are being put in place.

MORE
EDITORS' CHOICE
Rackspace Incident Highlights How Disruptive Attacks on Cloud Providers Can Be
A ransomware attack on the company's Hosted Exchange environment disrupted email for thousands of mostly small and midsize businesses.
LATEST FROM THE EDGE

Name That Edge Toon: Not Your Average Bear
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Key Security Announcements From AWS re:Invent 2022
At AWS re:Invent last week, the cloud giant previewed security services including Amazon Security Lake for security telemetry, Verified Permissions for developers, and a VPN bypass service.
WEBINARS
  • Cloud Security Essentials

    The pandemic accelerated cloud technology adoption to better support and streamline remote workers, but going to the cloud is not just a set-it-and-forget-it strategy for security. The potential attack surface actually expands with the cloud, and without the proper controls ...

  • Seeing Your Attack Surface Through the Eyes of an Adversary

    The best way to manage exposure, reduce risk, and improve your security posture is to understand your attack surface through the eyes of an attacker. Cortex Xpanse provides automated Attack Surface Management with an agentless implementation. Xpanse scans the entirety ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Piiano Equips Developers to Stop Sensitive Data Breaches
Cybersecurity Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations
Cambridge Centre for Risk Studies and Kivu Release Benchmark of Cost-Effective Responses to Cybercrime
Intellicene Brand Launches After Completion of Acquisition by Volaris Group
AlgoSec Acquires Prevasio To Disrupt Agentless Cloud Security Market
Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care
CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall
OpenSSF Membership Exceeds 100, With Many New Members Dedicated to Securing Open Source Software
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Developing and Testing an Effective Breach Response Plan
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022   |   Informa Tech  |   Privacy Statement   |   Terms & Conditions  |  Contact Us