Dark Reading Daily -- June 13, 2024

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.

LATEST SECURITY NEWS & COMMENTARY

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.

Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks

Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail.

Rockwell's ICS Directive Comes as Critical Infrastructure Risk Peaks

Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.

Cleveland City Hall Shuts Down After Cyber Incident

As city officials continue to investigate, it's unclear which systems were affected and whether it was a ransomware attack.

LockBit & Conti Ransomware Hacker Busted in Ukraine

Accused cybercriminal has special skills that helped Conti and LockBit ransomware evade detection, according to law enforcement.

Why CIO & CISO Collaboration Is Key to Organizational Resilience

Alignment between these domains is quickly becoming a strategic imperative.

(Sponsored Article) How to Avoid a SolarWinds-Style Malware Attack

The SEC says SolarWinds was impacted by a supply chain attack, but the evidence may not support that.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn. RansomHub Brings Scattered Spider Into Its RaaS Nest The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation. The CEO Is Next If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity. Developing a Plan to Respond to Critical CVEs in Open Source Software Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response. MORE

PRODUCTS & RELEASES

Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility

DNSFilter Welcomes Cisco Veteran TK Keanini As CTO

Darktrace Launches Managed Detection & Response Service to Bolster Security Operations

Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well.

LATEST FROM THE EDGE

Asset Management Holds the Key to Enterprise Defense

Obtaining — and maintaining — a complete inventory of technology assets is essential to effective enterprise security. How do organizations get that inventory?

LATEST FROM DR TECHNOLOGY

Nvidia Patches High-Severity Flaws in GPU Drivers

Nvidia's latest GPUs are a hot commodity for AI, but security vulnerabilities could expose GPUs — which could be up to seven years old — to attacks from hackers.

LATEST FROM DR GLOBAL

Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense

Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>