Dark Reading Daily -- January 10, 2024

A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization.

LATEST SECURITY NEWS & COMMENTARY

Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security

A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization.

Ukraine Claims Revenge Hack Against Moscow Internet Provider

Reports say M9 Telecom servers were destroyed in retaliation for Russia-backed cyberattack against Kyivstar mobile phone operator.

Ransomware Gang Gives Toronto Zoo the Monkey Business

As the investigation continues, the zoo reports that it does not store the credit card information of its guests.

Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware

Microsoft's database continues to attract cybercriminal attention; the nature of this wave's threat group is unknown, with the attacks having been exposed only after a happenstance OpSec lag.

Beware Weaponized YouTube Channels Spreading Lumma Stealer

Videos promoting how to crack popular software circumvent Web filters by using GitHub and MediaFire to propagate the malware.

It's Time to Close the Curtain on Security Theater

A shift of focus to cyberattack prevention strategies will more effectively mitigate risk.

Path Traversal Bug Besets Popular Kyocera Office Printers

A printer bug could lead to much worse, in IT networks without proper segmentation.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
'Swatting' Becomes Latest Extortion Tactic in Ransomware Attacks Threat actors leave medical centers with the difficult choice of paying the ransom or witnessing patients suffer the consequences. Protecting Critical Infrastructure Means Getting Back to Basics Critical infrastructure organizations need to recognize that the technology and cybersecurity landscapes have changed. Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability Attackers can exploit the issue to access all data in Cacti database; and, it enables RCE when chained with a previous vulnerability. Why Red Teams Can't Answer Defenders' Most Important Questions Red-team assessments aren't very good at validating that defenses are working, so defenders don't have a realistic sense of how strong their defenses are. MORE

PRODUCTS & RELEASES

Delinea Acquires Authomize to Strengthen Extended PAM

TitanHQ Launches PhishTitan to Combat Advanced Phishing Attacks

Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran

Report says US and Israel spent $1 billion to develop the infamous Stuxnet virus, built to sabotage Iran's nuclear program in 2008.

LATEST FROM THE EDGE

Is the vCISO Model Right for Your Organization?

More and more organizations are working with virtual CISOs to handle security-related responsibilities. Here are tips on how to find the right fit.

LATEST FROM DR TECHNOLOGY

Localization Mandates, AI Regs to Pose Major Data Challenges in 2024

With more than three-quarters of countries adopting some form of data localization and, soon, three-quarters of people worldwide protected by privacy rules, companies need to take care.

LATEST FROM DR GLOBAL

Bangladesh Election App Crashes Amid Suspected Cyberattack

The country's election commission pointed the blame at traffic coming from Ukraine and Germany.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

The State of Supply Chain Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

View More Dark Reading Reports >>