Dark Reading Daily -- December 19, 2023

Iranian officials blame a software issue for the "disruption" to gasoline pumps.

LATEST SECURITY NEWS & COMMENTARY

Pro-Israeli Hacktivists Attack Iranian Gas Stations

Iranian officials blame a software issue for the "disruption" to gasoline pumps.

Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks

Crimeware-as-a-service (CaaS) gang flies past CAPTCHAs, creating fraudulent accounts to sell to the likes of Scattered Spider; Microsoft mounts a counterattack.

Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE

Although the unauthenticated Java deserialization flaw has been known since 2015, GWT apps remain vulnerable to malicious server-side code execution, new research says.

Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them?

Zoom's Vulnerability Impact Scoring System calculates the impact of a vulnerability to assign a cash payout for bugs, leading hackers to prioritize more severe flaws. Can it do the same for companies?

Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections

Attackers can spoof millions of email addresses to create targeted phishing attacks using flaws in Microsoft, GTX, and Cisco Secure Email Gateway servers.

Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024

Three years after the SolarWinds attack, new revelations show more must be done to help prevent such a drastic security breach from happening again.

Name That Toon: Just for Kicks

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

(Sponsored Article) The Imperative of Context in an Era of Expanding API Risks

Only 38% of organizations understand API context, a huge security gap underscoring the need for deeper, context-aware security strategies.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Meta's AI-Powered Ray-Bans Portend Privacy Issues AI will make Meta's smart glasses more attractive for consumers. But can the company straddle cutting-edge functionality and responsible data stewardship? Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships Now more than ever, CISOs have an opportunity to impact business strategy and change the culture of their organization. Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic for evasion. Omdia: Standalone Security Products Outsell Cybersecurity Platforms Cybersecurity platform vendors say enterprises want to buy fewer solutions from fewer vendors. Omdia research, however, tells a different, more nuanced story. MORE

PRODUCTS & RELEASES

ONCD Welcomes Mr. Harry Coker, Jr. as Next National Cyber Director

Zero Networks Raises $20M in Series B to Prevent Attackers from Spreading in Corporate Networks

Cybersecurity Startup, Xeol, Raises $3.2M in Seed Round

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the potential for attackers to use it in targeted attacks.

LATEST FROM THE EDGE

API Security: The Big Picture

Hype won't solve operational security problems. Here are 10 important points to consider when evaluating API security solutions.

LATEST FROM DR TECHNOLOGY

Confidential AI Protects Data and Models Across Clouds

Confidential AI integrates zero trust and confidential computing to guard data and models during inferencing, training, learning, and fine-tuning.

LATEST FROM DR GLOBAL

Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets

Gaza Cybergang has created a new backdoor version stuffed with tools to spy on and attack targets.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

How to Deploy Zero Trust for Remote Workforce Security
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

View More Dark Reading Reports >>