Dark Reading Daily -- April 05, 2024

So far this year, Ivanti has disclosed a total of 11 flaws — many of them critical — in its remote access products.

LATEST SECURITY NEWS & COMMENTARY

Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed

So far this year, Ivanti has disclosed a total of 11 flaws — many of them critical — in its remote access products.

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.

Malicious Latrodectus Downloader Picks Up Where QBot Left Off

Initial access brokers are using the new downloader malware, which emerged just after QBot's 2023 disruption.

SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign

A Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company.

How CISOs Can Make Cybersecurity a Long-Term Priority for Boards

Cybersecurity is far more than a check-the-box exercise. To create companywide buy-in, CISOs need to secure board support, up their communication game, and offer awareness-training programs to fight social engineering and help employees apply what they've learned.

Cyberattack Shutters Some Operations at Japanese Lens Manufacturer

Tokyo-based eyeglass and medical lens-maker Hoya said the attack has halted production processes in some locations as well as an ordering system for some of its products.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
How Soccer's 2022 World Cup in Qatar Was Nearly Hacked A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says. The Biggest Mistake Security Teams Make When Buying Tools Security teams often confuse tool purchasing with program management. They should focus on what a security program means to them, and what they are trying to accomplish. LockBit Ransomware Takedown Strikes Deep Into Brand's Viability Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention. Why Cybersecurity Is a Whole-of-Society Issue Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves. MORE

PRODUCTS & RELEASES

Action1 Unveils 'School Defense' Program To Help Small Educational Institutions Thwart Cyberattacks

More Than Half of Organizations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud

CyberRatings.org Announces Test Results for Cloud Network Firewall

TruCentive Enhances Privacy With HIPAA Compliant Personal Information De-identification

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Feds to Microsoft: Clean Up Your Cloud Security Act Now

A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials.

LATEST FROM THE EDGE

AI's Dual Role in SMB Brand Spoofing

Cybercriminals are using AI to impersonate small businesses. Security architects are using it to help small businesses fight back.

LATEST FROM DR TECHNOLOGY

How to Tame SQL Injection

As part of its Secure by Design initiative, CISA urged companies to redouble efforts to quash SQL injection vulnerabilities. Here's how.

LATEST FROM DR GLOBAL

Thousands of Australian Businesses Targeted With 'Reliable' Agent Tesla RAT

Latest campaign underscores wide-ranging functionality and staying power of a decade-old piece of information-stealing malware.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>