Dark Reading Daily.

"10K Cisco IOS XE Systems now compromised."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 18 October 2023, 1437 UTC.  Content provided by email subscription to "Dark Reading Daily."

Source:   https://mail.google.com/mail/u/0/#inbox/FMfcgzGwHLfMmTgTltwqWbqfbNdRLfst ("Dark Reading Daily").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Zero-Day Alert: 10K Cisco IOS XE Systems Now Compromised
Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.
Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.
Amazon Quietly Wades Into the Passkey Waters
The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.
UAE, US Partner to Bolster Financial Services Cybersecurity
The two countries agree to share financial services information and provide cross-border training and best practices.
Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack
Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.
'Etherhiding' Blockchain Technique Masks Malicious Code in WordPress Sites
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
Top 6 Mistakes in Incident Response Tabletop Exercises
Avoid these errors to get the greatest value from your incident response training sessions.
(Sponsored Article) 3 Essential Steps to Strengthen SaaS Security
SaaS security is broad, possibly confusing, but undeniably crucial. Make sure you have the basics in place: discovery, risk assessment, and user access management.
Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit
No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach involving Hex IP addresses.

'RomCom' Cyber Campaign Targets Women Political Leaders
A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware.

How MOVEit Is Likely to Shift Cyber Insurance Calculus
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.

Name That Edge Toon: Office Artifacts
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Data Security and Collaboration in the Modern Enterprise
The CISO Survival Guide explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.

Malicious 'Airstrike Alert' App Targets Israelis
A spoofed version of the popular RedAlert app collects sensitive user data on Israeli citizens, including contacts, call logs, SMS account details, and more.
  • Building an Effective Active Directory Security Strategy

    For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ...

  • When Tech Converges, Orgs Consolidate: Navigating Change Across your Security Platforms

    Convergence trends across both Web Application and API Protection (WAAP) and Secure Access Service Edge (SASE) are no coincidence. Modern organizations need the multiplicative value these security platform approaches provide, with underlying capabilities that were designed to work together. And ...

View More Dark Reading Webinars >>
View More White Papers >>
View More Dark Reading Reports >>

Passwords Are Passe: Next Gen Authentication Addresses Today's Threats

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us


Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.