 May 05, 2022
LATEST SECURITY NEWS & COMMENTARY
China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack
Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.
Google Offers $1.5M Bug Bounty for Android 13 Beta
The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done.
TLS Flaws Leave Avaya, Aruba Switches Open to Complete Takeover
In the latest incarnation of the TLStorm vulnerability, switches from Avaya and Aruba — and perhaps others — are susceptible to compromise from an internal attacker.
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.
What Star Wars Teaches Us About Threats
The venerable film franchise shows us how to take threats in STRIDE.
Security Stuff Happens: What Do You Do When It Hits the Fan?
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)
Security Stuff Happens: What Will the Public Hear When You Say You've Been Breached?
A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.)
Take a Diversified Approach to Encryption
Encryption will break, so it's important to mix and layer different encryption methods.
New Ransomware Variant Linked to North Korean Cyber Army
Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors.
Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers
The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.
Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded
The scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.
Coca-Cola Investigates Data-Theft Claims After Ransomware Attack
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.
HOT TOPICS
Explainable AI for Fraud Prevention
As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.

Developing Software? Get Accountability Right First
Software accountability offers a fresh perspective for creating and managing digital products, mainly by making processes more reliable and transparent for every stakeholder.

Third-Party App Access Is the New Executable File
By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

EDITORS' CHOICE

How to Create a Cybersecurity Mentorship Program
As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.
LATEST FROM THE EDGE

Name That Edge Toon: Flower Power
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Ambient.ai Expands Computer Vision Capabilities for Better Building Security
The AI startup releases new threat signatures to expand the computer vision platform’s ability to identify potential physical security incidents from camera feeds.
Tech Resources

  • The Value Drivers of Attack Surface Management, Revealed

    The value of modern ASM extends beyond the security benefits. It can save money as well through prevention, lower cyber insurance costs, lower human effort, and higher operational efficiency. Join to find out how modern attack surfaces have changed, why ...

  • Implementing and Using XDR to Improve Enterprise Cybersecurity

    Security operations teams are taking a hard look at extended detection and response tools - XDR - as a means of collecting and analyzing threat data and identifying cyber attacks faster and more efficiently. But exactly how does XDR technology ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA