Dark Reading Daily -- December 20, 2023

Attackers can chain the vulnerabilities to gain full remote code execution.

LATEST SECURITY NEWS & COMMENTARY

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

Attackers can chain the vulnerabilities to gain full remote code execution.

Feds Snarl ALPHV/BlackCat Ransomware Operation

Dark Web chatter indicates that Scattered Spider worked with the FBI to take down the BlackCat/ALPHV operation.

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.

Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback

Microsoft and several others have reported seeing the noxious malware surfacing again in a campaign targeting the hospitality industry.

Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected

A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.

Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure

More and more hackers are choosing to host their malicious campaigns from public services, and they're pioneering new ways of doing it.

Why I Chose Google Bard to Help Write Security Policies

Large language models (LLMs) like Bard and ChatGPT can help produce simpler, more readable security documentation in a fraction of the time it takes to do it manually.

Changing How We Think About Technology

To make real change, organizations need to augment logical thinking with critical thinking.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Pro-Israeli Hacktivists Attack Iranian Gas Stations Iranian officials blame a software issue for the "disruption" to gasoline pumps. Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 Three years after the SolarWinds attack, new revelations show more must be done to help prevent such a drastic security breach from happening again. Name That Toon: Just for Kicks Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. MORE

PRODUCTS & RELEASES

SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity

Salvador Technologies Raises $6M to Empower Cyber Resilience in Operational Technologies and Critical Infrastructures

Console & Associates, P.C.: Comcast Xfinity Reports Data Breach Exposing Confidential Information of 35M Customers

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks

Crimeware-as-a-service (CaaS) gang flies past CAPTCHAs, creating fraudulent accounts to sell to the likes of Scattered Spider; Microsoft mounts a counterattack.

LATEST FROM THE EDGE

How States Help Municipalities Build Their Cyber Defenses

State CISOs and cybersecurity task forces are grappling with the best ways to use federal grant money to keep their citizens safe online.

LATEST FROM DR TECHNOLOGY

Bugcrowd Announces Vulnerability Ratings for LLMs

The update to the company's Vulnerability Rating Taxonomy offers vulnerability researchers a framework for assessing and prioritizing vulnerabilities in large language models.

LATEST FROM DR GLOBAL

Israel Blames Iran for Hospital Data Breach

Israeli intelligence said a cyber unit of Hezbollah also was involved in the cyberattack.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks

View More Dark Reading Reports >>