Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.
Follow Dark Reading:
 October 12, 2023
LATEST SECURITY NEWS & COMMENTARY
Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.
Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.
Curl Bug Hype Fizzles After Patching Reveal
Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.
'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits
Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit
Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.
Too Rich to Ransomware? MGM Brushes Off $100M in Losses
MGM wins big bet that choosing days of operations outages is a better business decision than paying a ransom, following last month's data breach.
Operation Behind Predator Mobile Spyware Is 'Industrial Scale'
The Intellexa alliance has been using a range of tools for intercepting and subverting mobile and Wi-Fi technologies to deploy its surveillance tools, according to an investigation by Amnesty International and others.
Legions of Critical Infrastructure Devices Subject to Cyber Targeting
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties
The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.
Suspected Crime Gang Hacks Israeli President's Telegram Account
The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."
Could Cybersecurity Breaches Become Harmless in the Future?
With these five steps, organizations can develop stronger security practices and make the inevitable breaches inconsequential.
Cybersecurity Talent in America: Bridging the Gap
It's past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow's challenges.
Preparing for the Unexpected: A Proactive Approach to Operational Resilience
Try these steps to create an operational resilience action plan that will satisfy financial regulators and help sustain business without disruption.
Reassessing the Impacts of Risk Management With NIST Framework 2.0
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Old-School Attacks Are Still a Danger, Despite Newer Techniques
The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.

How Keyloggers Have Evolved From the Cold War to Today
Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.

Addressing a Breach Starts With Getting Everyone on the Same Page
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.

MORE
EDITORS' CHOICE
Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
LATEST FROM THE EDGE

Name That Edge Toon: Office Artifacts
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

How to Scan Your Environment for Vulnerable Versions of Curl
This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environment.
LATEST FROM DR GLOBAL

Hacktivists Enter Fray Following Hamas Strikes Against Israel
Killnet, Anonymous Sudan, along with other groups, pick up up their Middle East activities as war breaks out.
WEBINARS
  • The Enterprise View to Cloud Security

    Today's enterprises may have dozens and dozens of cloud applications and services running in their environment. Enterprises need to coordinate security, manage privileges and access, and handle incident response - the service provider will do only so much. In this ...

  • Fundamentals of a Cyber Risk Assessment

    Executives are increasingly thinking about cyberattacks and security threats in terms of risk to their organization. It can be difficult for organizations to quantitatively measure risk, or to assess how an attack or breach would impact the business. In this ...

View More Dark Reading Webinars >>
WHITE PAPERS
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
CURRENT ISSUE
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.