 December 07, 2023
LATEST SECURITY NEWS & COMMENTARY
Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps
Four RCE vulnerabilities in Confluence, Jira, and other platforms allow instance takeover and environment infestation.
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover
Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.
Microsoft Is Getting a New 'Outsider' CISO
Igor Tsyganskiy inherits the high-profile CISO spot in Redmond, while his predecessor, Bret Arsenault, is named chief security adviser.
Simple Hacking Technique Can Extract ChatGPT Training Data
Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever.
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs
Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.
Meta AI Models Cracked Open With Exposed API Tokens
Researchers at Lasso Security found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations.
Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks
Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.
'AeroBlade' Group Hacks US Aerospace Company
AeroBlade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data.
23andMe: Data Breach Was a Credential-Stuffing Attack
The DNA testing company believes that the attack has now been contained and is notifying impacted individuals.
Japan's Space Program at Risk After Microsoft Active Directory Breach
The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach.
Establishing New Rules for Cyber Warfare
Why we should applaud the Red Cross's efforts, even if they likely won't work.
HOT TOPICS
The US Needs to Follow Germany's Attack-Detection Mandate
A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under the CISA's proposal to emphasize real-time attack detection and response.

8 Tips on Leveraging AI Tools Without Compromising Security
AI tools can deliver quick and easy results and offer huge business benefits — but they also bring hidden risks.

Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity
Despite a focus on the future, there's no indication of how well the cybersecurity basics needed to stay safe are being applied.

Embrace Generative AI for Security, but Heed Caution
AI could be a net positive for security, with a caveat: It could make security teams dangerously complacent.

EDITORS' CHOICE
Okta Breach Widens to Affect 100% of Customer Base
Early disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them.
LATEST FROM THE EDGE

Name That Edge Toon: On Your Mark...
Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Dragos Expands Defense Program for Small Utilities
The Dragos Community Defense Program provides small water, gas, and electric utilities with access to the Dragos Platform, training resources, and threat intelligence.
LATEST FROM DR GLOBAL

Middle East CISOs Fear Disruptive Cloud Breach
Increasingly, businesses are concerned about the speed of their cloud incident response times.
WEBINARS
  • What's In Your Cloud?
  • How to Combat the Latest Cloud Security Threats

    More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA