Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.
| | | LATEST SECURITY NEWS & COMMENTARY | | 'KeyTrap' DNS Bug Threatens Widespread Internet Outages Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet. Misconfigured Custom Salesforce Apps Expose Corporate Data Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps. Meta Disrupts 8 Spyware Firms, 3 Fake News Networks While furiously trying to put out one fire — fake news — the social media giant is dealing with another growing threat: spies for hire. Global Law Enforcement Disrupts LockBit Ransomware Gang Operation Cronos, a collab between authorities in the US, Canada, UK, Europe, Japan, and Australia — seizes data and website associated with the prolific cybercriminal organization and its affiliates. New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe Users have already downloaded droppers for the malware from Google's official Play store more than 100,000 times since last November. Google's Cloud Run Service Spreads Several Bank Trojans A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it's hitting other regions as well, researchers warn. Joomla XSS Bugs Open Millions of Websites to RCE Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726. Wyze Cameras Allow Accidental User Spying About 13,000 users received camera images and feeds that weren't theirs. This cyber incident takes place only five months after the company experienced a similar issue and failed to be transparent with users about the issues it was facing. Cyber Insurance Needs to Evolve to Ensure Greater Benefit A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios. Iranian APTs Dress Up as Hacktivists for Disruption, Influence Ops Iran has taken a page from the Russian playbook: Passing off military groups as civilians for the sake of PR and plausible deniability. Median Ransomware Demands Grow to $600K a Pop The now-disrupted LockBit gang outpaced its competitors in volume in 2023, as ransom amounts spiked 20% year-over-year. (Sponsored Article) Security Via Consensus: Developing the CIS Benchmarks™ Understand the CIS Benchmarks'™ community-consensus development process that helps ensure they provide comprehensive guidance on Internet security. MORE NEWS / MORE COMMENTARY | | | | | | PRODUCTS & RELEASES | | Critical Software Vulnerabilities Impacting Credit Unions Discovered by LMG Security Researcher Surge in 'Hunter-Killer' Malware Uncovered by Picus Security JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID MORE PRODUCTS & RELEASES |
|
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
