Dark Reading Daily -- December 06, 2024

LATEST SECURITY NEWS & COMMENTARY

Bypass Bug Revives Critical N-Day in Mitel MiCollab

A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there's a workaround.

Library of Congress Offers AI Legal Guidance to Researchers

Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law.

Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels

Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.

'Earth Minotaur' Exploits WeChat Bugs, Sends Spyware to Uyghurs

The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called "DarkNimbus" to ethnic minorities, including Tibetans.

Vulnerability Management Challenges in IoT & OT Environments

By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.

(Sponsored Article) Navigating the Future With Shorter TLS Lifespans

Reducing TLS certificate validity to 45 days will boost cybersecurity, but it also introduces operational challenges in managing digital certificates.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Pegasus Spyware Infections Proliferate Across iOS, Android Devices The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 2,500 mobile phones. Navigating the Changing Landscape of Cybersecurity Regulations The evolving regulatory environment presents both challenges and opportunities for businesses. Misconfigured WAFs Heighten DoS, Breach Risks Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack. MORE

PRODUCTS & RELEASES

Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects

Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems

KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Russian FSB Hackers Breach Pakistani APT Storm-0156

Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure, and stole the same kinds of info it targets in South Asian government and military victims.

LATEST FROM THE EDGE

Name That Edge Toon: Shackled!

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

LATEST FROM DR TECHNOLOGY

LLMs Raise Efficiency, Productivity of Cybersecurity Teams

AI-powered tools are making cybersecurity tasks easier to solve, as well as easier for the team to handle.

LATEST FROM DR GLOBAL

African Law Enforcement Nabs 1,000+ Cybercrime Suspects

Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>