 December 20, 2024
LATEST SECURITY NEWS & COMMENTARY
Fortinet Addresses Unpatched Critical RCE Vector
Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.
OT/ICS Engineering Workstations Face Barrage of Fresh Malware
Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.
Malvertisers Fool Google With AI-Generated Decoy Content
Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.
Supply Chain Risk Mitigation Must Be a Priority in 2025
A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.
HOT TOPICS
Interpol: Can We Drop the Term 'Pig Butchering'?
The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.

To Defeat Cybercriminals, Understand How They Think
Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target.

The Importance of Empowering CFOs Against Cyber Threats
Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability.

Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign
Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.

EDITORS' CHOICE
Manufacturers Lose Azure Creds to HubSpot Phishing Attack
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.
LATEST FROM THE EDGE

Test Your Cyber Skills With the SANS Holiday Hack Challenge
Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition takes place in the world of Santa, elves, and Christmas mayhem.
LATEST FROM DR TECHNOLOGY

Vendors Chase Potential of Non-Human Identity Management
Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.
LATEST FROM DR GLOBAL

India Sees Surge in API Attacks, Especially in Banking, Utilities
The number of DDoS-related incidents targeting APIs has jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.
Dark Reading Daily
-- Published By Dark Reading
Operated by TechTarget, Inc. and its subsidiaries,
275 Grove Street, Newton, Massachusetts, 02466 US