Dark Reading Daily.

"Google Chrome Zero-Day Bug under attack, allows code injection."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 18 January 2024, 1440 UTC.

Content and Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGwJmHpfZwCbBqGdwRrmMFMmsNx ("Dark Reading Daily").

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection
The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies.
CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack
Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps.
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell
"Infernal Drainer" campaign represents a dangerous evolution in crypto-drainers, credibly spoofing Coinbase and maintaining a vast infrastructure-for-rent biz.
Nearly 7K WordPress Sites Compromised by Balada Injector
Nearly 200K WordPress sites could be vulnerable to the attack thanks to CVE-2023-6000, lurking in the PopUp Builder plug-in.
Sophisticated macOS Infostealers Get Past Apple's Built-In Detection
Emerging malware variants can evade various static-signature detection engines, including XProtect, as attackers rapidly evolve to challenge defense systems.
Strength in Numbers: The Case for Whole-of-State Cybersecurity
WoS cybersecurity creates a united front for governments to defend against threat actors, harden security postures, and protect constituents who depend on services.
Experts Ponder Effectiveness of Official Warnings of Cyber Scams
Dubai Police and Ghana's Cyber Security Authority issue public warnings, but they're battling human nature and users' inattention.
'Punchmade Dev' Cybercrime Rapper Launches Cash-Scamming Web Shop
For a small sum, users can reportedly buy Cash App credentials already loaded with thousands of dollars.
Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE
Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments.

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks
Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion.

Anti-Ransomware Coalition Bound to Fail Without Key Adjustments
International pledge to reject ransomware demands misses the most important way to combat cybercrime: prevention.

Name That Toon: Cast Adrift
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet
Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.

Lock Down the Software Supply Chain With 'Secure by Design'
As zero days and complex networks create gaps for cyberattacks, software developers and agencies such as CISA look to secure by design for building in defenses.

InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defense
Data is the most valuable asset for any organization, and protecting it is crucial to maintaining business continuity.

Q&A: How One Company Gauges Its Employees' Cybersecurity 'Fluency'
Cybersecurity compliance training is commonplace, but one Jordan-based company has taken an extra step in testing.
View More Dark Reading Webinars >>
View More White Papers >>
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |   Informa Tech  |   Privacy Statement   |   Terms & Conditions  |  Contact Us


Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.