 October 20, 2022
LATEST SECURITY NEWS & COMMENTARY
Apache Commons Vulnerability: Patch but Don't Panic
Experts say CVE-2022-42889 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen.
Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.
Phishing Mitigation Can Cost Businesses More Than $1M Annually
One of the oldest tactics in cybercrime is still one of the most widely feared — and with good reason, as campaigns are expected to increase and become more sophisticated over the next 12 months.
Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.
CISA Offers Free RedEye Analytics Tool for Red Teams
The tool helps red teams manage their activities, analyze the data from their campaigns, create reports, and better present results to organizations.
Cybersecurity's Hiring Spree Requires a Recruiting Rethink
Just 65 cybersecurity professionals are in the workforce for every 100 available jobs, new study shows.
Cyberattackers Spoof Google Translate in Unique Phishing Tactic
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.
Microsoft 365 Message Encryption Can Leak Sensitive Info
The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.
Signal to Ditch SMS/MMS Messaging on Android
Main driver for the change: "Plaintext SMS messages are inherently insecure."
What the Uber Breach Verdict Means for CISOs in the US
Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.
Care and Feeding of the SOC's Most Powerful Tool: Your Brain
Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.
What You Need for a Strong Security Posture
From the basics to advanced techniques, here's what you should know.
A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams
Why — and how — companies should consider shifting day-to-day security responsibilities out to operations teams. The move would elevate the team's level of decision-making and help address the challenge of finding professionals with security-specific credentials.
4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap
A cross-disciplinary effort of change is needed to attract new professionals in the coming decade.
Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders
With the IT universe expanding, collaboration, thoughtfulness, and discipline can ensure a more secure future.
HOT TOPICS
SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain
We need more than the incomplete snapshot SBOMs provide to have real impact.

Treat Essential Security Certificates as Valuable Assets
Manage the company's often-overlooked security certificates as the valuable assets they are, essential for security hygiene and to prevent issues.

EDITORS' CHOICE
8 Trends Driving Cybersecurity in the Public Sector
CISOs and security leaders in state and local governments are dealing with increasing threats like ransomware — with varying degrees of cyber maturity.
LATEST FROM THE EDGE

Apple's Constant Battles Against Zero-Day Exploits
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.
LATEST FROM DR TECHNOLOGY

Microsoft Secures Azure Enclaves With Hardware Guards
Microsoft highlighted emerging confidential computing offerings for Azure during its Ignite conference.
WEBINARS
  • Next-Gen Security Operations: Building the SOC of the Future

    What does a security operations center (SOC) require in 2022? The practice of monitoring and responding to threats looks very different today than it did just a few years ago. Which tools and skills do you need now to outfit a ...

  • Understanding Cyber Attackers & Their Methods

    Every day, your enterprise is at risk of being hacked. But just who are the cyber attackers, and what are their motivations? What methods might they use to crack enterprise data, and how do they stage their attacks? Do you ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA