Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps
 | | LATEST SECURITY NEWS & COMMENTARY |  CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps.  Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments.  Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.  Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities Patches will be available in late January and February, but until then, customers must take mitigation measures. SEC X Account Hack Draws Senate Outrage Senators from both parties called the Securities and Exchange Commission's lack of MFA "inexcusable" and demand investigation into the regulator's cybersecurity lapse.  Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use. CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.  War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies. Africa, Middle East Lead Peers in Cybersecurity, but Lag Globally Both regions score above average compared to similar sized economies, but investing in updated technologies and patching processes would help cyber resilience globally.  Name That Toon: Cast Adrift Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.  Your Cybersecurity Budget Is a Horse's Rear End Are historical budget constraints limiting your cybersecurity program? Don't let old saws hold you back. It's time to revisit your budget with revolutionary future needs front of mind. MORE NEWS / MORE COMMENTARY | | | | | | PRODUCTS & RELEASES | | |
| | | EDITORS' CHOICE | | |
| | | | WEBINARS | | |
| | | | WHITE PAPERS | | |
| | | | | | FEATURED REPORTS | - Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
- What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - How to Use Threat Intelligence to Mitigate Third-Party Risk
The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...
| | View More Dark Reading Reports >> |
|
|
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
