 November 14, 2024
LATEST SECURITY NEWS & COMMENTARY
2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
Google AI Platform Bugs Leak Proprietary Enterprise LLMs
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
6 Infotainment Bugs Allow Mazdas to Be Hacked With USBs
Direct cyberattacks on vehicles are all but unheard of. In theory, though, the opportunity is there to cause real damage — data extraction, full system compromise, even gaining access to safety-critical systems.
Max-Critical Cisco Bug Enables Command-Injection Attacks
Though Cisco reports no known malicious exploitation attempts, a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) leaves three of its wireless access points vulnerable to remote, unauthenticated cyberattacks.
Canada Closes TikTok Offices, Citing National Security
Questions remain over what a corporate ban will achieve, since Canadians will still be able to use the app.
Has the Cybersecurity Workforce Peaked?
While training and credentialing organizations continue to talk about a "gap" in skilled cybersecurity workers, demand — especially for entry-level workers — has plateaued, spurring criticism of the latest rosy stats that seem to support a hot market for qualified cyber pros.
How CISOs Can Lead the Responsible AI Charge
CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.
Open Source Security Incidents Aren't Going Away
Companies and organizations need to recognize the importance of investing in engineers who possess both the soft and hard skills required to secure open source software effectively.
How Developers Drive Security Professionals Crazy
The journey toward a successful DevSecOps implementation is complex, requiring a strategic approach to overcome the myriad challenges it presents.
The Power of the Purse: How to Ensure Security by Design
CISA should make its recommended goals mandatory and perform audits to ensure compliance.
DON'T MISS TODAY'S VIRTUAL EVENT
Know Your Enemy: Understanding Cybercriminals and Nation-State Actors
Nov. 14, 11:00 a.m. – 5:00 p.m. ET. Who are the cyberattackers behind current attack campaigns, and what is their endgame? How could their tactics and techniques be used against your organization? In this free virtual event, learn about the latest, most prolific threat actors and their methods, and how to protect your enterprise.
LISTEN TO OUR LATEST PODCAST
Dark Reading Confidential: Quantum Has Landed, So Now What?
NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.
EDITORS' CHOICE
Revamped Remcos RAT Deployed Against Microsoft Windows Users
Windows users are at risk for full device takeover by an emerging malicious version of the Remcos remote admin tool, which is being used in an ongoing campaign exploiting a known remote code execution (RCE) vulnerability in Microsoft Office and WordPad.
LATEST FROM THE EDGE

5 Ways to Save Your Organization From Cloud Security Threats
The shift to cloud means securing your organization's digital assets requires a proactive, multilayered approach.
LATEST FROM DR TECHNOLOGY

CrowdStrike Spends to Boost Identity Threat Detection
Adaptive Shield is the third security posture management provider the company has acquired in the past 14 months as identity-based attacks continue to rise.
LATEST FROM DR GLOBAL

Iranian Cybercriminals Target Aerospace Workers via LinkedIn
The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA