LATEST SECURITY NEWS & COMMENTARY

China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack
Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.

Google Offers $1.5M Bug Bounty for Android 13 Beta
The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done.

TLS Flaws Leave Avaya, Aruba Switches Open to Complete Takeover
In the latest incarnation of the TLStorm vulnerability, switches from Avaya and Aruba — and perhaps others — are susceptible to compromise from an internal attacker.

Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.

Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.

What Star Wars Teaches Us About Threats
The venerable film franchise shows us how to take threats in STRIDE.

Security Stuff Happens: What Do You Do When It Hits the Fan?
Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)

Security Stuff Happens: What Will the Public Hear When You Say You've Been Breached?
A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.)

Take a Diversified Approach to Encryption
Encryption will break, so it's important to mix and layer different encryption methods.

New Ransomware Variant Linked to North Korean Cyber Army
Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors.

Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers
The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.

Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded
The scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.

Coca-Cola Investigates Data-Theft Claims After Ransomware Attack
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA