Dark Reading Daily -- December 11, 2024

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

LATEST SECURITY NEWS & COMMENTARY

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

Cybercrime Gangs Abscond With Thousands of AWS Credentials

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

Scottish Parliament TV at Risk From Deepfakes

Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.

'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks

The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.

Lessons From the Largest Software Supply Chain Incidents

The software supply chain is a growing target, and organizations need to take special care to safeguard it.

(Sponsored Article) Intentional Risk Management in Cybersecurity

Shift to exposure management for strategic cybersecurity and better protection.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Texas Teen Arrested for Scattered Spider Telecom Hacks An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on "key Scattered Spider members" and their tactics. Large-Scale Incidents & the Art of Vulnerability Prioritization We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy. Sprawling 'Operation Digital Eye' Attack Targets European IT Orgs A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack. MORE

PRODUCTS & RELEASES

Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption

Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure

Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Microsoft NTLM Zero-Day to Remain Unpatched Until April

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

LATEST FROM THE EDGE

FCC Proposes New Cybersecurity Rules for Telecoms

FCC Chairwoman Jessica Rosenworcel proposed "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.

LATEST FROM DR TECHNOLOGY

Snowflake Rolls Out Mandatory MFA Plan

As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.

LATEST FROM DR GLOBAL

Governments, Telcos Ward Off China's Hacking Typhoons

Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>