Attackers can chain the vulnerabilities to gain full remote code execution.
| | | LATEST SECURITY NEWS & COMMENTARY | | Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File Attackers can chain the vulnerabilities to gain full remote code execution. Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections Attackers can spoof millions of email addresses to create targeted phishing attacks using flaws in Microsoft, GTX, and Cisco Secure Email Gateway servers. Defiant BlackCat Gang Stands Up New Site, Calls for Revenge Attacks Ransomware group tries to claw back operations following FBI disruption, and lifts a previous ban on attacks against critical infrastructure in retaliation. Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the potential for attackers to use it in targeted attacks. Pro-Israeli Hacktivists Attack Iranian Gas Stations Iranian officials blame a software issue for the "disruption" to gasoline pumps. Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities Chinese threat actors are taking advantage of the poor state of edge security to breach both small and big fish. Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware Malicious attachments that exploit an RCE flaw from 2017 are propagating Agent Tesla via socially engineered emails and an evasive infection method. Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers. Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback Microsoft and several others have reported seeing the noxious malware surfacing again in a campaign targeting the hospitality industry. Feds Snarl ALPHV/BlackCat Ransomware Operation Dark Web chatter indicates that Scattered Spider worked with the FBI to take down the BlackCat/ALPHV operation. Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors. Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks Crimeware-as-a-service (CaaS) gang flies past CAPTCHAs, creating fraudulent accounts to sell to the likes of Scattered Spider; Microsoft mounts a counterattack. Why I Chose Google Bard to Help Write Security Policies Large language models (LLMs) like Bard and ChatGPT can help produce simpler, more readable security documentation in a fraction of the time it takes to do it manually. Name That Toon: Just for Kicks Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 Three years after the SolarWinds attack, new revelations show more must be done to help prevent such a drastic security breach from happening again. Omdia: Standalone Security Products Outsell Cybersecurity Platforms Cybersecurity platform vendors say enterprises want to buy fewer solutions from fewer vendors. Omdia research, however, tells a different, more nuanced story. MORE NEWS / MORE COMMENTARY | | | | | | PRODUCTS & RELEASES | | Black Hat Europe 2023 Closes on Record-Breaking Event in London Console & Associates, P.C.: ESO Solutions Notifies 2.7M People of Data Breach That Leaked Their SSNs SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity Zero Networks Raises $20M in Series B to Prevent Attackers from Spreading in Corporate Networks ONCD Welcomes Mr. Harry Coker, Jr. as Next National Cyber Director Salvador Technologies Raises $6M to Empower Cyber Resilience in Operational Technologies and Critical Infrastructures MORE PRODUCTS & RELEASES |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
