78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.
| | | LATEST SECURITY NEWS & COMMENTARY | | 9 New Microsoft Bugs to Patch Now 78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting. OT Network Security Myths Busted in a Pair of Hacks How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network. ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common. Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways It's not just Internet-accessible hosts that are vulnerable, researchers say. Reddit Hack Shows Limits of MFA, Strengths of Security Training A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security. NIST's New Crypto Standard a Step Forward in IoT Security The National Institute of Standards and Technology has settled on a standard for encrypting Internet of Things (IoT) communications, but many devices remain vulnerable and unpatched. Dark Web Revenue Down Dramatically After Hydra's Demise Competitor markets working to replace Hydra's money-laundering services for cybercriminals. NewsPenguin Goes Phishing for Maritime & Military Secrets A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year. Russian Hackers Disrupt NATO Earthquake Relief Operations Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more. Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together Bridging the divide between developers and security can create a culture change organically. How Security Teams Can Protect Employees Beyond Corporate Walls De-shaming security mistakes and taking the blame and punishment out of incident reporting can strengthen security efforts both inside and outside of the workplace. Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
