A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization.
Follow Dark Reading:
 January 11, 2024
LATEST SECURITY NEWS & COMMENTARY
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security
A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization.
Beware Weaponized YouTube Channels Spreading Lumma Stealer
Videos promoting how to crack popular software circumvent Web filters by using GitHub and MediaFire to propagate the malware.
CES 2024: Will the Coolest New AI Gadgets Protect Your Privacy?
Consumer electronics manufacturers are innovating fast. Regulators are slow to keep up. Data privacy is in the balance.
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions
Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies.
Hospitality Hackers Target Hotels' Booking.com Logins
Cyberattackers are checking into the accounts of Booking.com's hotel partners, hoping to steal their visitor data.
Ransomware Gang Gives Toronto Zoo the Monkey Business
As the investigation continues, the zoo reports that it does not store the credit card information of its guests.
'Swatting' Becomes Latest Extortion Tactic in Ransomware Attacks
Threat actors leave medical centers with the difficult choice of paying the ransom or witnessing patients suffer the consequences.
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch.
Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam
The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary.
Administrator Account for Middle East Internet Registry Hacked
The compromise reportedly led to corruption in the routing of a Spanish telecom provider's network.
Why Red Teams Can't Answer Defenders' Most Important Questions
Red-team assessments aren't very good at validating that defenses are working, so defenders don't have a realistic sense of how strong their defenses are.
Who Is Behind Pro-Ukrainian Cyberattacks on Iran?
Are Ukrainian cyberattacks against Iranian targets a blip or the beginning of a new trend?
Navigating the New Age of Cybersecurity Enforcement
The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Protecting Critical Infrastructure Means Getting Back to Basics
Critical infrastructure organizations need to recognize that the technology and cybersecurity landscapes have changed.

It's Time to Close the Curtain on Security Theater
A shift of focus to cyberattack prevention strategies will more effectively mitigate risk.

Navigating the New Age of Cybersecurity Enforcement
The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives.

MORE
PRODUCTS & RELEASES
Delinea Acquires Authomize to Strengthen Extended PAM
TitanHQ Launches PhishTitan to Combat Advanced Phishing Attacks
Driven Technologies Expands Expertise With Acquisition of ieMentor
Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security
C3 Complete Acquires Information Security Business Unit of Compliance Solutions Inc.
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
23andMe: 'Negligent' Users at Fault for Breach of 6.9M Records
When it comes to bad passwords, how much responsibility should a service provider share with its customers?
LATEST FROM THE EDGE

7 Lessons Learned From Designing a DEF CON CTF
Practical advice for anyone interested in elevating their cyber capture-the-flag events.
LATEST FROM DR TECHNOLOGY

New Developer Tools Necessary to Boost Passkey Adoption
There is a lot of interest for password-less technology to simplify online access and identity, but they need to be built first. Developer tools to help build passkeys into web applications pave the way.
LATEST FROM DR GLOBAL

Syrian Threat Group Peddles Destructive SilverRAT
The Middle Eastern developers claim to be building a new version of the antivirus-bypassing remote access Trojan (RAT) attack tool.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us