LATEST SECURITY NEWS & COMMENTARY

Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps
Four RCE vulnerabilities in Confluence, Jira, and other platforms allow instance takeover and environment infestation.

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover
Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.

Microsoft Is Getting a New 'Outsider' CISO
Igor Tsyganskiy inherits the high-profile CISO spot in Redmond, while his predecessor, Bret Arsenault, is named chief security adviser.

Simple Hacking Technique Can Extract ChatGPT Training Data
Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever.

Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs
Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.

Meta AI Models Cracked Open With Exposed API Tokens
Researchers at Lasso Security found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations.

Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks
Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.

'AeroBlade' Group Hacks US Aerospace Company
AeroBlade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data.

23andMe: Data Breach Was a Credential-Stuffing Attack
The DNA testing company believes that the attack has now been contained and is notifying impacted individuals.

Japan's Space Program at Risk After Microsoft Active Directory Breach
The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach.

Establishing New Rules for Cyber Warfare
Why we should applaud the Red Cross's efforts, even if they likely won't work.

PRODUCTS & RELEASES

Cloudbrink Presents Firewall-As-Service for the Hybrid Workplace
DTEX Systems Appoints Mandiant Global CTO Marshall Heilman As CEO
Keeper Security Survey Finds 82% of IT Leaders Want to Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud
Foresite Cybersecurity Partners With CrowdStrike
Mine Secures $30M in Series B Funding
Enveedo Closes $3.15M Seed Round to Help Businesses Build and Maintain Cyber Resiliency
The Latest Delinea Secret Server Release Boosts Usability With New Features
Flow Security Launches GenAI DLP
Klarytee Raises $900k Pre-Seed Round to Make Data Secure by Default
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA