LATEST SECURITY NEWS & COMMENTARY

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover
Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status
Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms
An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.

Discrepancies Discovered in Vulnerability Severity Ratings
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.

Companies Struggle With Zero Trust as Attackers Adapt to Get Around It
Only one in 10 enterprises will create a robust zero-trust foundation in the next three years, while more than half of attacks won't even be prevented by it, according to Gartner.

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ
The US Department of Justice hacked into Hive's infrastructure, made off with hundreds of decryptors, and seized the gang's operations.

Federal Agencies Infested by Cyberattackers via Legit Remote Management Systems
Hackers don't need a key to get past your defenses if they can essentially teleport using RMMs, warn CISA and the NSA.

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows
Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remains largely questionable.

Critical RCE Lexmark Printer Bug Has Public Exploit
A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

3 Ways ChatGPT Will Change Infosec in 2023
OpenAI's chatbot has the promise to revolutionize how security practitioners work.

Will Cybersecurity Remain Recession-Proof in 2023?
Demand for skilled professionals will remain high, but cyber budgets will be eaten away.

Organizations Must Brace for Privacy Impacts This Year
Expect more regulatory and enforcement action in the US and around the world.

Application Security Must Be Nonnegotiable
Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.

HOT TOPICS

Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry
Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.

Spotlight on 2023 DevSecOps Trends
Solutions that provide more actionable results — remediation that frees up engineers, processes that integrate security into software development from its design, along with automation, IaC, and tool consolidation — are among the DevSecOps strategies that will prevail this year.

WEBINARS

Deciphering the Hype Around XDR
Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ...

A Roadmap to Zero Trust: Steps for Meaningful Progress Amongst the Hype
Join this webinar as our Zero Trust experts discuss "quick wins" like:
-- Enforcing strong multifactor authentication and Zero Trust policies for critical applications.
-- Closing inbound ports open to the Internet.
-- Areas not always included in the Zero Trust conversation, like ...

Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA