LATEST SECURITY NEWS & COMMENTARY

Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event
With Rapid Reset DDoS flood attacks ongoing, exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.

Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.

Curl Bug Hype Fizzles After Patching Reveal
Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.

'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits
Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.

Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit
Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.

Too Rich to Ransomware? MGM Brushes Off $100M in Losses
MGM wins big bet that choosing days of operations outages is a better business decision than paying a ransom, following last month's data breach.

Operation Behind Predator Mobile Spyware Is 'Industrial Scale'
The Intellexa alliance has been using a range of tools for intercepting and subverting mobile and Wi-Fi technologies to deploy its surveillance tools, according to an investigation by Amnesty International and others.

Legions of Critical Infrastructure Devices Subject to Cyber Targeting
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.

23andMe Cyberbreach Exposes DNA Data, Potential Family Ties
The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.

Suspected Crime Gang Hacks Israeli President's Telegram Account
The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."

Could Cybersecurity Breaches Become Harmless in the Future?
With these five steps, organizations can develop stronger security practices and make the inevitable breaches inconsequential.

Cybersecurity Talent in America: Bridging the Gap
It's past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow's challenges.

Preparing for the Unexpected: A Proactive Approach to Operational Resilience
Try these steps to create an operational resilience action plan that will satisfy financial regulators and help sustain business without disruption.

Reassessing the Impacts of Risk Management With NIST Framework 2.0
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.

WEBINARS

The Enterprise View to Cloud Security
Today's enterprises may have dozens and dozens of cloud applications and services running in their environment. Enterprises need to coordinate security, manage privileges and access, and handle incident response - the service provider will do only so much. In this ...

Fundamentals of a Cyber Risk Assessment
Executives are increasingly thinking about cyberattacks and security threats in terms of risk to their organization. It can be difficult for organizations to quantitatively measure risk, or to assess how an attack or breach would impact the business. In this ...

FEATURED REPORTS

The State of Supply Chain Threats

How to Use Threat Intelligence to Mitigate Third-Party Risk
The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware

Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA