The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
Follow Dark Reading:
 April 30, 2024
LATEST SECURITY NEWS & COMMENTARY
R Programming Bug Exposes Orgs to Vast Supply Chain Risk
The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
Okta: Credential-Stuffing Attacks Spike via Proxy Networks
Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.
13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers
Tracking code used for keeping tabs on how members navigated through the healthcare giant's online and mobile sites was oversharing a concerning amount of information.
'Muddling Meerkat' Poses Nation-State DNS Mystery
Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.
Cybersecurity Is Becoming More Diverse … Except by Gender
While other professions are making up ground, cybersecurity still lags behind in female representation, thanks to a lack of respect and inclusion.
Addressing Risk Caused by Innovation
By embracing a proactive approach to cyber-risk management, companies can better detect, prevent, and mitigate cyber threats while integrating the latest state-of-the-art technology.
(Sponsored Article) A Cyber-Resiliency Plan Focused on Offensive Security
The convergence of cyber resiliency and business planning is gaining strategic importance and enabling more successful and sustainable outcomes.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.

Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros
Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.

Minimum Viable Compliance: What You Should Care About and Why
Understand what security measures you have in place, what you need to keep secure, and what rules you have to show compliance with.

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug
Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

MORE
PRODUCTS & RELEASES
ESET PROTECT Portfolio Now Includes New MDR Tiers and Features
New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare
MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software
Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws.
LATEST FROM THE EDGE

Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities
The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities.
LATEST FROM DR TECHNOLOGY

Chip Giants Finalize Specs Baking Security Into Silicon
Caliptra 1.0 offers a blueprint for integrating security features directly into microprocessors.
LATEST FROM DR GLOBAL

Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China
The volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us