Dark Reading Daily -- December 10, 2024

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

LATEST SECURITY NEWS & COMMENTARY

Microsoft NTLM Zero-Day to Remain Unpatched Until April

Sprawling 'Operation Digital Eye' Attack Targets European IT Orgs

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

Millionaire Airbnb Phishing Ring Busted Up by Police

Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.

Attackers Can Use QR Codes to Bypass Browser Isolation

Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.

Large-Scale Incidents & the Art of Vulnerability Prioritization

We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Microsoft Expands Access to Windows Recall AI Feature The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode. Why SOC Roles Need to Evolve to Attract a New Generation The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts. My Car Knows My Secrets, and I'm (Mostly) OK With That Imagine your car gossiping to insurance companies about your lead foot, or data brokers peddling your daily coffee run. Welcome to the world of connected cars, where convenience and privacy are locked in a head-on collision. Library of Congress Offers AI Legal Guidance to Researchers Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law. MORE

PRODUCTS & RELEASES

Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption

Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure

Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Texas Teen Arrested for Scattered Spider Telecom Hacks

An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on "key Scattered Spider members" and their tactics.

LATEST FROM THE EDGE

Does Your Company Need a Virtual CISO?

With cybersecurity talent hard to come by and companies increasingly looking for guidance and best practices, virtual and fractional chief information security officers can make a lot of sense.

LATEST FROM DR TECHNOLOGY

Google Launches Open Source Patch Validation Tool

Vanir automates the process of scanning source code to identify missing security patches.

LATEST FROM DR GLOBAL

Russian FSB Hackers Breach Pakistani APT Storm-0156

Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure, and stole the same kinds of info it targets in South Asian government and military victims.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>