October 27, 2022
LATEST SECURITY NEWS & COMMENTARY
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit
A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws.
Atlassian Vulnerabilities Highlight Criticality of Cloud Services
Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.
List of Common Passwords Accounts for Nearly All Cyberattacks
Half a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.
Google's GUAC Aims to Democratize Software Supply Chain Security Metadata
Software makers and customers will be able to query a graph database for information about the security and provenance of components in applications and codebases.
Threat Groups Repurpose Banking Trojans into Backdoors
Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.
Ransomware Gangs Ramp Up Industrial Attacks in US
The manufacturing segment was especially hard hit by cyberattacks in the third quarter of 2022.
Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration
Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them.
Cisco Warns AnyConnect VPNs Under Active Cyberattack
Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.
Stress Is Driving Cybersecurity Professionals to Rethink Roles
Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.
FBI: Iranian Threat Group Likely to Target US Midterms
Similar to what happened around the 2020 election, FBI warns that the Emennet Pasargad group is poised to target officials and companies with embarrassing hack-and-leak campaigns.
Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.
Dark Reading Launches New Section Dedicated to ICS/OT Security
ICS/OT Security joins the lineup of 14 cybersecurity topic sections on the media site.
Cybersecurity Risks & Stats This Spooky Season
From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons.
Cybersecurity's Role in Combating Midterm Election Disinformation
A multilayered attack technique that took center stage in 2020 and has only grown more endemic.
Name That Toon: Witching Hour
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
HOT TOPICS
Iron Man Started His Journey From Scratch & Your Security Awareness Program Can Too
Build your company's security awareness program a suit of high-tech cybersecurity armor along with a collaborative atmosphere.

Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security
As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system.

Are You a CISO Building Your Risk Register for 2023? Read This First
Achieving basic IT hygiene is 99% of the game.

EDITORS' CHOICE
7 Hidden Social Media Cyber-Risks for Enterprises
Leaning on social media to amplify your company's brand? Here's a look at the emerging cybersecurity risks that can arise from TikTok, LinkedIn, Twitter, and other platforms.
LATEST FROM THE EDGE

Equifax's Lessons Are Still Relevant, 5 Years Later
Cybersecurity pros discuss a trio of lessons from the Equifax hack and how to prevent similar attacks in the enterprise.
LATEST FROM DR TECHNOLOGY

Hardware Makers Standardize Server Chip Security With Caliptra
The new open source specification from Open Compute Project is backed by Google, Nvidia, Microsoft, and AMD.
WEBINARS
  • State of Bot Attacks: What to Expect in 2023

    Malicious bots have moved past distributed denial-of-service and credential-stuffing attacks and are now capable of launching sophisticated attacks such as performing reconnaissance for future attacks, committing shopping cart and ticketing fraud, and engaging in clickjacking. Bot attacks are highly profitable ...

  • Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker

    Enterprises are increasingly discovering that the best way to expose vulnerabilities in their defenses is to think like an attacker. Penetration testing, red teaming, threat hunting, and other offensive strategies are helping organizations quickly find the holes in their cyber ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA