The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.
Follow Dark Reading:
 October 05, 2023
LATEST SECURITY NEWS & COMMENTARY
'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover
The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.
Patch Confusion for Critical Exim Bug Puts Email Servers at Risk — Again
Defenders have been left scrambling after the way patches were released for six flaws in the open source mail server, which is the most popular mail transfer agent on the Internet.
Bing Chat LLM Tricked into Circumventing CAPTCHA Filter
By reframing the narrative of the filter, the large-language model chatbot was more willing to solve the visual puzzle and override its programming.
Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy
It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.
AWS Plans Multifactor Authentication Mandates for 2024
Amazon will add new MFA requirements for users with the highest privileges, with plans to include other user levels over time.
Breaches Are the Cost of Doing Business, but NIST Is Here to Help
Treating the NIST Cybersecurity Framework as a business requirement is a strong step toward preventing breaches.
How to Measure Patching and Remediation Performance
Tracking metrics like MTTR, MTTD, MTTP, and MTTC can demonstrate the effectiveness of your patch management process and your value to the business.
(Sponsored Article) AI in Software Development: The Good, the Bad, and the Dangerous
Just like with using open source, organizations need to be diligent about testing AI components and understanding where and how it is used in their software.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far
While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology.

Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot
Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.

USPS Anchors Snowballing Smishing Campaigns
Researchers found 164 domains connected to a single threat actor located in Tehran.

Threat Data Feeds and Threat Intelligence Are Not the Same Thing
It's important to know the difference between the two terms. Here's why.

MORE
EDITORS' CHOICE
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections.
LATEST FROM THE EDGE

Insurance Companies Have a Lot to Lose in Cyberattacks
Not only do insurance companies collate sensitive information from their clients, but they also generate their own corporate data to protect.
LATEST FROM DR TECHNOLOGY

7 Ways SMBs Can Secure Their WordPress Sites
This Tech Tip outlines seven easy fixes that small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities.
LATEST FROM DR GLOBAL

On the Dark Web, Prices Are Down for Middle Eastern Network Access
A mere $35 can buy you stealth access to corporate networks across the region, according to new research.
WEBINARS
  • The Enterprise View to Cloud Security

    Today's enterprises may have dozens and dozens of cloud applications and services running in their environment. Enterprises need to coordinate security, manage privileges and access, and handle incident response - the service provider will do only so much. In this ...

  • Tips for A Streamlined Transition to Zero Trust

    From identifying the potential attack surface to determining policy, there is a clear path to zero trust and best practices to make the transition as smooth as possible - both for your organization and your customers. Zero trust is more ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
ForAllSecure Announces First Dynamic Software Bill of Materials for Application Security
Mitiga Secures Strategic Investment From Cisco
Okta Launches Cybersecurity Workforce Development Initiative to Help Close the Tech and Cybersecurity Skills Gap
37% Intimidated, 39% Frustrated With Online Security Highlighting Digital Anxiety
BeyondID Introduces Identity-First Model for Zero-Trust Maturity
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How to Deploy Zero Trust for Remote Workforce Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us