The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs.
LATEST SECURITY NEWS & COMMENTARY

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Citrix Issues Patches for Zero-Day Recording Manager Bugs
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."

Citrix 'Recording Manager' Zero-Day Bug Allows Unauthenticated RCE
The security vulnerability is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.

'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.

Amazon Employee Data Compromised in MOVEit Breach
The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.

The Power of the Purse: How to Ensure Security by Design
CISA should make its recommended goals mandatory and perform audits to ensure compliance.

(Sponsored Article) Data Is the Foundation of Identity Security
It's impossible to make cybersecurity decisions without putting data-informed context into every identity that spans your enterprise.

DON'T MISS OUR VIRTUAL EVENT ON THURSDAY

Know Your Enemy: Understanding Cybercriminals and Nation-State Actors
Nov. 14, 11:00 a.m. – 5:00 p.m. ET.
Who are the cyberattackers behind current attack campaigns, and what is their endgame? How could their tactics and techniques be used against your organization? In this free virtual event, learn about the latest, most prolific threat actors and their methods, and how to protect your enterprise.

LISTEN TO OUR LATEST PODCAST

Dark Reading Confidential: Quantum Has Landed, So Now What?
NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.

PRODUCTS & RELEASES

Business Leaders Shift to Tangible AI Results, Finds New TeamViewer Study
Xiphera & Crypto Quantique Announce Partnership
Canadians Expected to Lose More Than $569M to Scams in 2024

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA