Dark Reading Daily -- May 23, 2024

The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix's Genie open source platform, which is a treasure trove of information and connections to other internal services.

LATEST SECURITY NEWS & COMMENTARY

Critical Netflix Genie Bug Opens Big Data Orchestration to RCE

China APT Stole Geopolitical Secrets From Middle East, Africa & Asia

One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware.

Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth

The previously unknown malware (aka Hidden Shovel) is a ghost in the machine: It silently attacks kernel drivers to shut down security defense systems and thus evade detection.

GitHub Authentication Bypass Opens Enterprise Server to Attackers

The max-severity bug affects versions using the SAML single sign-on mechanism.

US Pumps $50M Into Better Healthcare Cyber Resilience

Upgrade, an ARPA-H program, will focus on automating cybersecurity for healthcare institutions so that providers can focus on patient care.

Trends at the 2024 RSA Startup Competition

Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models.

Preparing Your Organization for Upcoming Cybersecurity Deadlines

Federal and state regulators have introduced new rules and mandates aimed at holding organizations accountable when it comes to cybersecurity. Here's how to get ready.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
YouTube Becomes Latest Battlefront for Phishing, Deepfakes Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks. Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment. Name That Toon: Buzz Kill Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. MORE

PRODUCTS & RELEASES

Data Breach Response Provider, CyEx, Acquires Settlement Administrator, Simpluris Inc.

HP Catches Cybercriminals 'Cat-Phishing' Users

Deepfakes Rank as the Second Most Common Cybersecurity Incident for US Businesses

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania

Scarred Manticore is the smart, sophisticated one. But when Iran needs something destroyed, it hands the keys over to Void Manticore.

LATEST FROM THE EDGE

Persistent Burnout Is Still a Crisis in Cybersecurity

Burnout has been an oft-reported problem among security professionals for years. Are there any new ideas for supporting mental health in the industry?

LATEST FROM DR TECHNOLOGY

Snowflake's Anvilogic Investment Signals Changes in SIEM Market

Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC tools.

LATEST FROM DR GLOBAL

Chinese 'ORB' Networks Conceal APTs, Render Static IoCs Irrelevant

Mandiant warns that defenders must rethink how to thwart Chinese cyber-espionage groups now using professional "infrastructure-as-a-service" operational relay box networks of virtual private servers as well as hijacked smart devices and routers.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>