CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the potential for attackers to use it in targeted attacks.
Follow Dark Reading:
 December 18, 2023
LATEST SECURITY NEWS & COMMENTARY
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug
CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the potential for attackers to use it in targeted attacks.
Meta's AI-Powered Ray-Bans Portend Privacy Issues
AI will make Meta's smart glasses more attractive for consumers. But can the company straddle cutting-edge functionality and responsible data stewardship?
Complex 'NKAbuse' Malware Uses Blockchain to Hide on Linux, IoT Machines
The multifaceted malware leverages the NKN blockchain-based peer-to-peer networking protocol, operating as both a sophisticated backdoor and a flooder launching DDoS attacks.
In Appreciation: ESET Founder Rudolf Hruby Passes Away
Cybersecurity pioneer and soccer fan Rudolf Hruby was a prominent business figure in post-independence Slovakia.
Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets
Gaza Cybergang has created a new backdoor version stuffed with tools to spy on and attack targets.
Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships
Now more than ever, CISOs have an opportunity to impact business strategy and change the culture of their organization.
Omdia: Standalone Security Products Still Reign over All-In-One Cybersecurity Platforms
Cybersecurity platform vendors say enterprises want to buy fewer solutions from fewer vendors. Omdia research, however, tells a different, more nuanced story.
(Sponsored Article) Ragnar Locker Takedown Alone Won't Stop Ransomware Growth, but Here's What Will
Companies must ask how at risk they are and how limited their operations would be after a cyberattack, then address gaps to make paying ransomware less necessary.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks
The fresh-faced cybercrime group has been using nothing but publicly available penetration testing tools in its campaign so far.

Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams
New vulnerability impact scoring system aims to help cyber defenders find threats and patch against bugs most likely to disrupt their environments.

The Unlikely Romance of Hackers and Government Suitors
Very little modern federal infrastructure is managed by the government — putting a substantial portion of potentially targetable attack surfaces under oversight of federal contractors.

Safeguarding Our Children's Digital Future: A Call to Action
Frequent cyberattacks on America's schools are putting our children at risk. Urgent action is needed to protect students and families.

MORE
PRODUCTS & RELEASES
Cybersecurity Startup, Xeol, Raises $3.2M in Seed Round
Swinfen Charitable Trust, UVA Health, Telemedicine AI, and MITRE Collaborate on Secure Global Health Telemedicine
Stamus Networks Supports NATO Red Teaming Cyber Exercise for the Fifth Consecutive Year
Survey: 90% of IT Pros Felt Prepared for a Password-Based Cyberattack, Yet More Than Half Fell Victim to One
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities
Chinese threat actors are taking advantage of the poor state of edge security to breach both small and big fish.
LATEST FROM THE EDGE

Tips for Modernizing SecOps Teams
Dark Reading's special report looks at ways security operations teams can improve their efficiency and effectiveness to address the latest threats.
LATEST FROM DR TECHNOLOGY

Smartphones That Help You Bust Out of the Android/iOS Ecosystem
If you are in the market for a smartphone but want to break away from the Apple-Google duopoly, look no further: these alternative smartphones are based on various Linux variants and custom hardware.
LATEST FROM DR GLOBAL

UAE to Chair World Bank's Cloud Computing Working Group
The World Bank recognized UAE for its work with the private sector in implementing and securing cloud systems.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • What Ransomware Groups Look for in Enterprise Victims

    Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

  • How to Use Threat Intelligence to Mitigate Third-Party Risk

    The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

  • Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

    The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us