Patch Now: Another Google Zero-Day Under Exploit in the Wild | Black Basta Reinvents With Novel Vishing Strategy

Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week. [TechWeb]( Follow Dark Reading: [RSS]( May 16, 2024 LATEST SECURITY NEWS & COMMENTARY [Patch Now: Another Google Zero-Day Under Exploit in the Wild]( Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week. [500 Victims In, Black Basta Reinvents With Novel Vishing Strategy]( Ransomware groups have always created problems for their victims that only they could solve. Black Basta is taking that core idea in a creative, new direction. [Microsoft Windows DWM Zero-Day Poised for Mass Exploit]( CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors. [Ascension Healthcare Suffers Major Cyberattack]( The attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos. [There Is No Cyber Labor Shortage]( There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places. [Dangerous Google Chrome Zero-Day Allows Sandbox Escape]( Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild. [Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes]( Kevin Mandia, CEO of Mandiant at Google Cloud, calls for content "watermarks" as the industry braces for a barrage of mind-bending AI-generated fake audio and video traffic. [Scammers Fake Docusign Templates to Blackmail & Steal From Companies]( Cybercriminals are trafficking Docusign assets that allow for easy extortion and business email compromise. [Millions of IoT Devices at Risk From Flaws in Integrated Cellular Modem]( Researchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems. [2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts]( F5 customers should patch immediately, though even that won't protect them from every problem with their networked devices. ['The Mask' Espionage Group Resurfaces After 10-Year Hiatus]( Researchers recently spotted the Spanish-speaking threat actor — with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [3 Tips for Becoming the Champion of Your Organization's AI Committee]( CISOs are now considered part of the organizational executive leadership and have both the responsibility and the opportunity to drive not just security but business success. [How Government Agencies Can Leverage Grants to Shore Up Cybersecurity]( With the help of grant funding, agencies and organizations can better defend themselves and their constituents. [Why Tokens Are Like Gold for Opportunistic Threat Actors]( When setting authentication token expiry policies, always lean in to security over employee convenience. [You've Been Breached: What Now?]( Breaches are inevitable. Here are four steps to recovery and future-proofing your business. [MORE]( PRODUCTS & RELEASES [Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings]( [Notice of a Data Breach]( [Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure]( [CyberProof Announces Strategic Partnership With Google Cloud]( [87% of DDoS Attacks Targeted Windows OS Devices in 2023]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Dark Reading 'Drops' Its First Podcast]( Our brand-new podcast, Dark Reading Confidential, has officially launched. You don't want to miss our first episode with the CISO and chief legal officer from Reddit and a cybersecurity attorney, who share their thoughts and advice for CISOs on the new SEC breach disclosure rules. LATEST FROM THE EDGE [Top 5 Most Dangerous Cyber Threats in 2024]( SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large. LATEST FROM DR TECHNOLOGY [A Cost-Effective Encryption Strategy Starts With Key Management]( Key management is more complex than ever. Your choices are to rely on your cloud provider or manage keys locally, encrypt only the most critical data, or encrypt everything. LATEST FROM DR GLOBAL [Nigeria Halts Cybersecurity Tax After Public Outrage]( In the midst of an economy struggling with soaring inflation, the Nigerian government paused plans to place a levy on domestic transactions that was aimed at enhancing cybersecurity. WEBINARS - [Why Effective Asset Management is Critical to Enterprise Cybersecurity]( - [Securing Code in the Age of AI]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Generative AI Gifts]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [The State of Incident Response]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123517&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.16.24&sp_cid=53519&utm_content=DR_NL_Dark%20Reading%20Weekly_05.16.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#37 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)