LATEST SECURITY NEWS & COMMENTARY

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message
Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

VMware, Airline Targeted as Ransomware Chaos Reigns
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds
Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

Partial Patching Still Provides Strong Protection Against APTs
Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Majority of Kubernetes API Servers Exposed to the Public Internet
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021
But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

DDoS Extortion Attack Flagged as Possible REvil Resurgence
A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang.

Interpol's Massive 'Operation Delilah' Nabs BEC Bigwig
A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.

After the Okta Breach, Diversify Your Sources of Truth
What subsequent protections do you have in place when your first line of defense goes down?

6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

Spring Cleaning Checklist for Keeping Your Devices Safe at Work
Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.

Industry 4.0 Points Up Need for Improved Security for Manufacturers
With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.

Crypto Hacks Aren't a Niche Concern; They Impact Wider Society
Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA