Critical Netflix Genie Bug Opens Big Data Orchestration to RCE

The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix's Genie open source platform, which is a treasure trove of information and connections to other internal services. [TechWeb]( Follow Dark Reading: [RSS]( May 23, 2024 LATEST SECURITY NEWS & COMMENTARY [Critical Netflix Genie Bug Opens Big Data Orchestration to RCE]( The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix's Genie open source platform, which is a treasure trove of information and connections to other internal services. [China APT Stole Geopolitical Secrets From Middle East, Africa & Asia]( One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware. [Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth]( The previously unknown malware (aka Hidden Shovel) is a ghost in the machine: It silently attacks kernel drivers to shut down security defense systems and thus evade detection. [GitHub Authentication Bypass Opens Enterprise Server to Attackers]( The max-severity bug affects versions using the SAML single sign-on mechanism. [US Pumps $50M Into Better Healthcare Cyber Resilience]( Upgrade, an ARPA-H program, will focus on automating cybersecurity for healthcare institutions so that providers can focus on patient care. [Trends at the 2024 RSA Startup Competition]( Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models. [Preparing Your Organization for Upcoming Cybersecurity Deadlines]( Federal and state regulators have introduced new rules and mandates aimed at holding organizations accountable when it comes to cybersecurity. Here's how to get ready. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [YouTube Becomes Latest Battlefront for Phishing, Deepfakes]( Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks. [Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms]( An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment. [Name That Toon: Buzz Kill]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE]( PRODUCTS & RELEASES [Data Breach Response Provider, CyEx, Acquires Settlement Administrator, Simpluris Inc.]( [HP Catches Cybercriminals 'Cat-Phishing' Users]( [Deepfakes Rank as the Second Most Common Cybersecurity Incident for US Businesses]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania]( Scarred Manticore is the smart, sophisticated one. But when Iran needs something destroyed, it hands the keys over to Void Manticore. LATEST FROM THE EDGE [Persistent Burnout Is Still a Crisis in Cybersecurity]( Burnout has been an oft-reported problem among security professionals for years. Are there any new ideas for supporting mental health in the industry? LATEST FROM DR TECHNOLOGY [Snowflake's Anvilogic Investment Signals Changes in SIEM Market]( Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC tools. LATEST FROM DR GLOBAL [Chinese 'ORB' Networks Conceal APTs, Render Static IoCs Irrelevant]( Mandiant warns that defenders must rethink how to thwart Chinese cyber-espionage groups now using professional "infrastructure-as-a-service" operational relay box networks of virtual private servers as well as hijacked smart devices and routers. WEBINARS - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( - [Securing Code in the Age of AI]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [5 Essential Insights into Generative AI for Security Leaders]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [A Short Primer on Container Scanning]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The State of Incident Response]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [Industrial Networks in the Age of Digitalization]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123638&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.23.24&sp_cid=53612&utm_content=DR_NL_Dark%20Reading%20Daily_05.23.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#30 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)