LATEST SECURITY NEWS & COMMENTARY

Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit
A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws.

Atlassian Vulnerabilities Highlight Criticality of Cloud Services
Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk.

List of Common Passwords Accounts for Nearly All Cyberattacks
Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.

Google's GUAC Aims to Democratize Software Supply Chain Security Metadata
Software makers and customers will be able to query graph database for information about the security and provenance of components in applications and codebases.

Threat Groups Repurpose Banking Trojans into Backdoors
Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.

Ransomware Gangs Ramp Up Industrial Attacks in US
The manufacturing segment was especially hard hit by cyberattacks in the third quarter of 2022.

Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration
Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them.

Cisco Warns AnyConnect VPNs Under Active Cyberattack
Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.

Stress Is Driving Cybersecurity Professionals to Rethink Roles
Burnout has led one-third of cybersecurity staffers to consider changing jobs over the next two years, potentially further deepening the talent shortage, research shows.

FBI: Iranian Threat Group Likely to Target US Midterms
Similar to what happened around the 2020 election, FBI warns that the Emennet Pasargad group is poised to target officials and companies with embarrassing hack-and-leak campaigns.

Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.

Dark Reading Launches New Section Dedicated to ICS/OT Security
ICS/OT Security joins the lineup of 14 cybersecurity topic sections on the media site.

Cybersecurity Risks & Stats This Spooky Season
From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons.

Cybersecurity's Role in Combating Midterm Election Disinformation
A multilayered attack technique that took center stage in 2020 and has only grown more endemic.

Name That Toon: Witching Hour
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA