The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
| | | LATEST SECURITY NEWS & COMMENTARY | | PoC Exploit for Zero-Click Vulnerability Made Available to the Masses The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors. Hitachi Energy Vulnerabilities Plague SCADA Power Systems The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity. CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware. NFC Traffic Stealer Targets Android Users & Their Banking Info The malware builds on a near-field communication tool in combination with phishing and social engineering to steal cash. Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier. Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks. Slack Patches AI Bug That Let Attackers Steal Data From Private Channels A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate. NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure. C-Suite Involvement in Cybersecurity Is Little More Than Lip Service Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity. Why End of Life for Applications Is the Beginning of Life for Hackers In the next year, more than 35,000 applications will move to end-of-life status. To manage risk effectively, we need to plan ahead. Aggressively Monitoring for Changes Is a Key Aspect of Cybersecurity Employees and management must fully support change detection and file integrity monitoring, allowing a proactive approach with definitive security controls to be implemented against threat actors. MORE NEWS / MORE COMMENTARY | | | | | | PRODUCTS & RELEASES | | Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group 77% of Educational Institutions Spotted a Cyberattack Within the Last 12 Months Malicious Links, AI-Enabled Tools, and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report MORE PRODUCTS & RELEASES |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
