Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.
Follow Dark Reading:
 May 26, 2022
LATEST SECURITY NEWS & COMMENTARY
Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message
Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.
VMware, Airline Targeted as Ransomware Chaos Reigns
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.
'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds
Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.
Partial Patching Still Provides Strong Protection Against APTs
Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
Majority of Kubernetes API Servers Exposed to the Public Internet
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021
But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.
DDoS Extortion Attack Flagged as Possible REvil Resurgence
A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang.
Interpol's Massive 'Operation Delilah' Nabs BEC Bigwig
A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.
After the Okta Breach, Diversify Your Sources of Truth
What subsequent protections do you have in place when your first line of defense goes down?
6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
Spring Cleaning Checklist for Keeping Your Devices Safe at Work
Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.
Industry 4.0 Points Up Need for Improved Security for Manufacturers
With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.
Crypto Hacks Aren't a Niche Concern; They Impact Wider Society
Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.
Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
DeFi Is Getting Pummeled by Cybercriminals
Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.

Pro-Russian Information Operations Escalate in Ukraine War
In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.

Why the Employee Experience Is Cyber Resilience
A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

MORE
EDITORS' CHOICE

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems
The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.
LATEST FROM THE EDGE

New Connecticut Privacy Law Makes Path to Compliance More Complex
As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements.
LATEST FROM DR TECHNOLOGY

DBIR Makes a Case for Passwordless
Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.
Tech Resources
ACCESS TECH LIBRARY NOW

  • Outsourcing Cybersecurity: A Decision Maker's Guide

    When it comes to cybersecurity, very few enterprises have all the skills and resources they need on staff. On today's market, your enterprise can outsource a wide variety of cyber tasks, from penetration testing to security monitoring to incident response. ...

  • The Value Drivers of Attack Surface Management, Revealed

    The value of modern ASM extends beyond the security benefits. It can save money as well through prevention, lower cyber insurance costs, lower human effort, and higher operational efficiency. Join to find out how modern attack surfaces have changed, why ...
MORE WEBINARS
FEATURED REPORTS
MORE REPORTS
CURRENT ISSUE

Incorporating a Prevention Mindset into Threat Detection and Response
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats
JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks
Mastercard Launches Cybersecurity “Experience Centre”
Qualys to Unveil VMDR 2.0 at Qualys Security Conference in San Francisco
Corelight Announces New SaaS Platform for Threat Hunting
Cybersecurity-Focused SYN Ventures Closes $300 Million Fund II
Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report
XM Cyber Adds New Security Capability for Microsoft Active Directory
Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps
Nisos Announces $15 Million in Series B Funding Round
MORE PRODUCTS & RELEASES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us