To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.
Follow Dark Reading:
 September 14, 2023
LATEST SECURITY NEWS & COMMENTARY
Microsoft Azure HDInsight Plagued With XSS Vulnerabilities
To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.
'Scattered Spider' Behind MGM Cyberattack, Targets Casinos
The ransomware group is a collection of young adults, and also recently breached Caesars Entertainment and made a ransom score in the tens of millions range.
When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM'
Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal.
A 2-Week Prescription for Eliminating Supply Chain Threats
Giving users time to detect and then update hijacked packages can help developers avoid using malicious code in software development.
Federal Mandates on Medical-Device Cybersecurity Get Serious
In October, the US Food and Drug Administration will start rejecting medical devices that lack a secure design or a post-market cybersecurity plan.
Cybersecurity Skills Gap: Roadies & Gamers Are Untapped Talent
Gamers and former sound engineers and roadies can help boost the cybersecurity talent pool. Their flexible mindset and attention to detail make them valuable resources.
Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns
All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.
Recent Rhysida Attacks Show Focus on Healthcare by Ransomware Actors
The operators of the Rhysida ransomware-as-a-service have claimed credit for a crippling attack on Mississippi's Singing River health system.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Microsoft Patches a Pair of Actively Exploited Zero-Days
Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now.

Attackers Abuse Google Looker Studio to Evade DMARC, Email Security
Cyberattackers are tapping the legitimacy of the Web-based data-visualization tool in a campaign aimed at stealing credentials and defrauding hundreds of business users.

Overcoming the Rising Threat of Session Hijacking
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.

MORE
EDITORS' CHOICE
MGM Resorts Cyberattack Hobbles Las Vegas Strip Operations
Hospitality behemoth struggles to recover following a Sunday cyber incident that looks a lot like a ransomware attack.
LATEST FROM THE EDGE

Rail Cybersecurity Is a Complex Environment
CISOs in the rail industry must protect an older, more complex infrastructure than most industries. Here are some of the unique, high-stakes challenges.
LATEST FROM DR TECHNOLOGY

Microsoft, Google Take on Obsolete TLS Protocols
Google shortened the lifetime of Transport Layer Security (TLS) certificates, and Microsoft plans to downgrade support for older versions, giving companies more data security but also removing visibility into their own traffic.
LATEST FROM DR GLOBAL

Iran's Charming Kitten Pounces on Israeli Exchange Servers
Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.
WEBINARS
  • Cyber Risk Assessment Secrets From the Pros

    Executives want to know whether they should worry about an attack that hit another organization. They worry how safe they are from a breach. But it can be difficult for security teams to quantitatively measure risk, or even say with ...

  • Managing Security In a Hybrid Cloud Environment

    Many enterprises have embraced hybrid- and multi-clouds. They spread their workloads across private data centers and public cloud, or across multiple cloud providers. How do you manage security when the tools are all different? How do you enforce security controls ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • What Ransomware Groups Look for in Enterprise Victims

    Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

  • How to Use Threat Intelligence to Mitigate Third-Party Risk

    The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

  • How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

    Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Claroty Unveils Vulnerability & Risk Management Capabilities to Elevate Risk Reduction for Cyber-Physical Systems
NordVPN Launches Sonar to Prevent Phishing Attacks
World Security Report Finds Physical Security Incidents Cost Companies USD $1T in 2022
Google and Acalvio Partner to Deliver Active Defense to Protect Customers From Advanced Threats
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How Supply Chain Attacks Work, and How to Stop Them
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |   Informa Tech  |   Privacy Statement   |   Terms & Conditions  |  Contact Us