LATEST SECURITY NEWS & COMMENTARY

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Google AI Platform Bugs Leak Proprietary Enterprise LLMs
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.

6 Infotainment Bugs Allow Mazdas to Be Hacked With USBs
Direct cyberattacks on vehicles are all but unheard of. In theory, though, the opportunity is there to cause real damage — data extraction, full system compromise, even gaining access to safety-critical systems.

Max-Critical Cisco Bug Enables Command-Injection Attacks
Though Cisco reports no known malicious exploitation attempts, a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) leaves three of its wireless access points vulnerable to remote, unauthenticated cyberattacks.

Canada Closes TikTok Offices, Citing National Security
Questions remain over what a corporate ban will achieve, since Canadians will still be able to use the app.

Has the Cybersecurity Workforce Peaked?
While training and credentialing organizations continue to talk about a "gap" in skilled cybersecurity workers, demand — especially for entry-level workers — has plateaued, spurring criticism of the latest rosy stats that seem to support a hot market for qualified cyber pros.

How CISOs Can Lead the Responsible AI Charge
CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.

Open Source Security Incidents Aren't Going Away
Companies and organizations need to recognize the importance of investing in engineers who possess both the soft and hard skills required to secure open source software effectively.

How Developers Drive Security Professionals Crazy
The journey toward a successful DevSecOps implementation is complex, requiring a strategic approach to overcome the myriad challenges it presents.

The Power of the Purse: How to Ensure Security by Design
CISA should make its recommended goals mandatory and perform audits to ensure compliance.

DON'T MISS TODAY'S VIRTUAL EVENT

Know Your Enemy: Understanding Cybercriminals and Nation-State Actors
Nov. 14, 11:00 a.m. – 5:00 p.m. ET. Who are the cyberattackers behind current attack campaigns, and what is their endgame? How could their tactics and techniques be used against your organization? In this free virtual event, learn about the latest, most prolific threat actors and their methods, and how to protect your enterprise.

LISTEN TO OUR LATEST PODCAST

Dark Reading Confidential: Quantum Has Landed, So Now What?
NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.

PRODUCTS & RELEASES

OpenText Cybersecurity Unveils 2024's Nastiest Malware

Lacoste First to Use AI-Powered Anti-counterfeiting Solution

20% of Industrial Manufacturers Are Using Network Security as a First Line of Defense

CISA Releases Its First Ever International Strategic Plan

Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA