Dark Reading Daily -- October 26, 2023

Virtual Alarm: VMware Issues Major Security Advisory

VMware vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins.

As Citrix Urges Its Clients to Patch, Researchers Release an Exploit

In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.

Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States

The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.

Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior

We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.

A Cybersecurity Framework for Mitigating Risks to Satellite Systems

Cyber threats on satellite technology will persist and evolve. We need a comprehensive cybersecurity framework to protect them from attackers.

BHI Energy Releases Details of Akira Ransomware Attack

The threat actor exfiltrated 690GB of uncompressed data, or 767,035 files.

(Sponsored Article) FedRAMP Rev. 5: How Cloud Service Providers Can Prepare

What cloud service providers need to know to prepare for FedRAMP Baselines Rev. 5, as documented in the new Transition Guide.

'Log in with...' Feature Allows Full Online Account Takeover for Millions

Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems.

Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend — but it turns out the malicious implants were just hiding.

Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid

To make cybersecurity an organizationwide priority, CISOs must avoid these common input, empathy, and alignment obstacles.

It's Time to Establish the NATO of Cybersecurity

Cybercriminals already operate across borders. Nations must do the same to protect their critical infrastructure, people, and technology from threats foreign and domestic.

1Password Becomes Latest Victim of Okta Customer Service Breach

Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements.

LATEST FROM THE EDGE

Why Do We Need Real-World Context to Prioritize CVEs?

Without the proper context, organizations waste time mitigating software flaws that won't likely affect their systems.

LATEST FROM DR TECHNOLOGY

Data Security and Collaboration in the Modern Enterprise

The "CISO Survival Guide" explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.

LATEST FROM DR GLOBAL

Israeli-Hamas Conflict Spells Opportunity for Online Scammers

As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations.

Tips for a Streamlined Transition to Zero Trust