Dark Reading Daily -- October 25, 2024

An attacker compromised one of Fortinet's most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.

LATEST SECURITY NEWS & COMMENTARY

Critical Bug Exploited in Fortinet's Management Console

An attacker compromised one of Fortinet's most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.

AWS's Predictable Bucket Names Make Accounts Easier to Crack

Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.

AI Chatbots Ditch Guardrails After 'Deceptive Delight' Cocktail

The latest GenAI jailbreak technique tricks chatbots into returning restricted content by blending different prompt topics together.

Cisco ASA, FTD Software Under Active VPN Exploitation

Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco's ASA and Firepower software.

Why Cybersecurity Acumen Matters in the C-Suite

Until CEOs and boards prioritize learning more about mitigating threats, organizations are leaving themselves and their businesses open to the potential for disaster.

Microsoft: Healthcare Sees 300% Surge in Ransomware Attacks

Even after the ransom is paid, such attacks lead to spikes in strokes and heart attacks and increased wait times for patients.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
The US Needs a Better Energy Grid to Win the AI Arms Race The longer we avoid reform, the further behind we'll fall in AI innovation — and the more vulnerable we'll be. Mobile Apps With Millions of Downloads Expose Cloud Credentials Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors. Lazarus Group Exploits Chrome Zero-Day in Latest Campaign The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images. Name That Toon: The Big Jump Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. MORE

PRODUCTS & RELEASES

Grip Security Releases 2025 SaaS Security Risks Report

Jake Williams Joins Hunter Strategy As VP of RND & Managing Director of Hunter Labs

American Water Under Investigation for Cyberattack Potentially Affecting 14M Customers

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Microsoft SharePoint Vuln Is Under Active Exploit

The risk of exploitation is heightened, thanks to a proof-of-concept that's been made publicly available.

LATEST FROM THE EDGE

'Shift Left' Gets Pushback, Triggers Security Soul Searching

A government report's criticism of the 100x metric often used to justify fixing software earlier in development fuels a growing debate over pushing responsibility for secure code onto developers.

LATEST FROM DR TECHNOLOGY

Open Source LLM Tool Sniffs Out Python Zero-Days

Vulnhuntr is a Python static code analyzer using Claude AI to find and explain complex, multistep vulnerabilities.

LATEST FROM DR GLOBAL

'Prometei' Botnet Spreads Its Cryptojacker Worldwide

The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>