Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch
| LATEST SECURITY NEWS & COMMENTARY | Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch. MITRE Debuts ICS Threat Modeling for Embedded Systems EMB3D, like ATT&CK and CWE, seeks to provide a common understanding of cyber-threats to embedded devices and of the security mechanisms for addressing them. Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption. Attackers Target Microsoft Accounts to Weaponize OAuth Apps After compromising Azure and Outlook user accounts, threat actors are creating malicious apps with high privileges to conduct cryptomining, phishing, and password spraying. Dozens of Bugs Patched in Apple TVs and Watches, Macs, iPads, iPhones A laundry list of tweaks to Safari, Bluetooth, Accessibility, and much more. Ransomware, Data Breaches Inundate OT & Industrial Sector Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems. ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement. Increased Cyber Regulation in the Offing as Attacks Mount Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details. Municipalities Face a Constant Battle as Ransomware Snowballs As record-breaking volumes of ransomware hit cities, towns, and counties this year, municipalities remain easy targets that pay, and there's no end of the attacks in sight. Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs Analysis shows evidence the previously unknown Sandman group shares backdoor malware with various Chinese APT groups. Ex-Uber CISO Advocates 'Personal Incident Response Plan' for Security Execs Why Joe Sullivan feels paying off attackers was a way of solving the problem. Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover Attackers can inject and execute arbitrary PHP code using a flaw in Backup Migration, which has been downloaded more than 90K times. 4 Metrics That Help CISOs Become Strategic Partners With the Board To demonstrate the CISO role's value, frame your work using metrics that align with the most critical parts of every business: risk, growth, expenses, and people. Data's Perilous Journey & Lessons Not Learned From the Target Breach A decade after Target suffered a major security breach, are we still disregarding the gaping holes in our cyber fortifications? The 3 Most Prevalent Cyber Threats of the Holidays Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare — and practice! — action plans, identify key stakeholders, and consider cyber insurance. MORE NEWS / MORE COMMENTARY | | | PRODUCTS & RELEASES | Survey: 90% of IT Pros Felt Prepared for a Password-Based Cyberattack, Yet More Than Half Fell Victim to One Fortress Information Security & CodeSecure Team Up to Analyze SBOMs & Remediate Critical Vulnerabilities CISOs See Software Supply Chain Security as Bigger Blind Spot Than GenAI: Cycode Cybersixgill Announces Identity Intelligence Module for Threat Analysis MORE PRODUCTS & RELEASES |
|
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | We take your privacy very seriously. Please review our Privacy Statement. |
|
|