The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
Follow Dark Reading:
 August 29, 2024
LATEST SECURITY NEWS & COMMENTARY
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
Hitachi Energy Vulnerabilities Plague SCADA Power Systems
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.
CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet
CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
NFC Traffic Stealer Targets Android Users & Their Banking Info
The malware builds on a near-field communication tool in combination with phishing and social engineering to steal cash.
Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
Slack Patches AI Bug That Let Attackers Steal Data From Private Channels
A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate.
NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents
The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure.
C-Suite Involvement in Cybersecurity Is Little More Than Lip Service
Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity.
Why End of Life for Applications Is the Beginning of Life for Hackers
In the next year, more than 35,000 applications will move to end-of-life status. To manage risk effectively, we need to plan ahead.
Aggressively Monitoring for Changes Is a Key Aspect of Cybersecurity
Employees and management must fully support change detection and file integrity monitoring, allowing a proactive approach with definitive security controls to be implemented against threat actors.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Why LLMs Are Just the Tip of the AI Security Iceberg
With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact.

Name That Toon: Security Games
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Why Every Business Should Prioritize Confidential Computing
Confidential computing safeguards data in use, making it a crucial component of cloud security.

Critical Thinking AI in Cybersecurity: A Stretch or a Possibility?
It might still sound far-fetched to say AI can develop critical thinking skills and help us make decisions in the cybersecurity industry. But we're not far off.

MORE
PRODUCTS & RELEASES
Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group
77% of Educational Institutions Spotted a Cyberattack Within the Last 12 Months
Malicious Links, AI-Enabled Tools, and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
Patch Now: Second SolarWinds Critical Bug in Web Help Desk
The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software.
LATEST FROM THE EDGE

News Desk 2024: Hacking Microsoft Copilot Is Scary Easy
As enterprises in the world embrace Microsoft's AI assistant, researcher Michael Bargury warns its security is lacking. Check out his News Desk interview during Black Hat USA.
LATEST FROM DR TECHNOLOGY

Dragos Expands Asset Visibility in Latest Platform Update
The latest release of the Dragos Platform provide industrial and critical infrastructure organizations with complete and enriched view of their OT environment.
LATEST FROM DR GLOBAL

South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel
The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |   Informa Tech  |   Privacy Statement   |   Terms & Conditions  |  Contact Us