R Programming Bug Exposes Orgs to Vast Supply Chain Risk

The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files. [TechWeb]( Follow Dark Reading: [RSS]( April 30, 2024 LATEST SECURITY NEWS & COMMENTARY [R Programming Bug Exposes Orgs to Vast Supply Chain Risk]( The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files. [Okta: Credential-Stuffing Attacks Spike via Proxy Networks]( Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks. [13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers]( Tracking code used for keeping tabs on how members navigated through the healthcare giant's online and mobile sites was oversharing a concerning amount of information. ['Muddling Meerkat' Poses Nation-State DNS Mystery]( Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear. [Cybersecurity Is Becoming More Diverse … Except by Gender]( While other professions are making up ground, cybersecurity still lags behind in female representation, thanks to a lack of respect and inclusion. [Addressing Risk Caused by Innovation]( By embracing a proactive approach to cyber-risk management, companies can better detect, prevent, and mitigate cyber threats while integrating the latest state-of-the-art technology. [(Sponsored Article) A Cyber-Resiliency Plan Focused on Offensive Security]( The convergence of cyber resiliency and business planning is gaining strategic importance and enabling more successful and sustainable outcomes. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs. [Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros]( Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain. [Minimum Viable Compliance: What You Should Care About and Why]( Understand what security measures you have in place, what you need to keep secure, and what rules you have to show compliance with. [Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug]( Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month. [MORE]( PRODUCTS & RELEASES [ESET PROTECT Portfolio Now Includes New MDR Tiers and Features]( [New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare]( [MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software]( Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws. LATEST FROM THE EDGE [Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities]( The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities. LATEST FROM DR TECHNOLOGY [Chip Giants Finalize Specs Baking Security Into Silicon]( Caliptra 1.0 offers a blueprint for integrating security features directly into microprocessors. LATEST FROM DR GLOBAL [Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China]( The volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023. WEBINARS - [Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks]( - [Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Short Primer on Container Scanning]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( - [Application Security's New Mandate in a DevOps World]( - [How Enterprises Secure Their Applications]( - [Making Sense of Your Security Data: The 6 Hardest Problems]( - [The State of Incident Response]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123149&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_04.30.24&sp_cid=53255&utm_content=DR_NL_Dark%20Reading%20Daily_04.30.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#5f If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)