LATEST SECURITY NEWS & COMMENTARY

Apache Commons Vulnerability: Patch but Don't Panic
Experts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen.

Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.

Phishing Mitigation Can Cost Businesses More Than $1M Annually
One of the oldest tactics in cybercrime is still one of the most widely feared — and with good reason, as campaigns are expected to increase and become more sophisticated over the next 12 months.

Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.

Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.

CISA Offers Free RedEye Analytics Tool for Red Teams
The tool helps red teams manage their activities, analyze the data from their campaigns, create reports, and better present results to organizations.

Cybersecurity's Hiring Spree Requires a Recruiting Rethink
Just 65 cybersecurity professionals are in the workforce for every 100 available jobs, new study shows.

Cyberattackers Spoof Google Translate in Unique Phishing Tactic
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.

Microsoft 365 Message Encryption Can Leak Sensitive Info
The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.

Signal to Ditch SMS/MMS Messaging on Android
Main driver for the change: "Plaintext SMS messages are inherently insecure."

What the Uber Breach Verdict Means for CISOs in the US
Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.

Care and Feeding of the SOC's Most Powerful Tool: Your Brain
Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.

What You Need for a Strong Security Posture
From the basics to advanced techniques, here's what you should know.

A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams
Why — and how — companies should consider shifting day-to-day security responsibilities out to operations teams. The move would elevate the team's level of decision-making and help address the challenge of finding professionals with security-specific credentials.

4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap
A cross-disciplinary effort of change is needed to attract new professionals in the coming decade.

Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders
With the IT universe expanding, collaboration, thoughtfulness, and discipline can ensure a more secure future.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA