Leak Site BreachForums Springs Back to Life | Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

It's unclear whether a dataset for sale on the site allegedly containing data from more than 500 million Ticketmaster users is real or just law enforcement bait. [TechWeb]( Follow Dark Reading: [RSS]( May 30, 2024 LATEST SECURITY NEWS & COMMENTARY [Leak Site BreachForums Springs Back to Life Weeks After FBI Takedown]( It's unclear whether a dataset for sale on the site allegedly containing data from more than 500 million Ticketmaster users is real or just law enforcement bait. [Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access]( Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection. [Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals]( North Korea's newest threat actor uses every trick in the nation-state APT playbook, and most of cybercrime's tricks, too. It also developed a whole video game company to hide malware. [Attackers Target Check Point VPNs to Access Corporate Networks]( Using VPNs as an initial access vector is ironic, given that security is the very reason enterprises employ them in the first place. [Google Discovers Fourth Zero-Day in Less Than a Month]( The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors. [CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks]( In attacks over the past three months, threat actors have exploited more than 80 vulnerabilities to accelerate distribution of the Mirai variant. [Critical Flaw in Replicate AI Platform Exposes Proprietary Data]( The finding underscores the challenges of protecting data from multiple customers across AI-as-a-service solutions, especially in environments that run AI models from untrusted sources. [The SEC's New Take on Cybersecurity Risk Management]( Insights from three companies that recently reported breaches under the new disclosure regulations. [When 'No' & 'Good Enough' Challenge Cybersecurity]( As the digital landscape evolves, these words must become an impetus for innovation and dialogue, not insurmountable barriers. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Why CVEs Are an Incentives Problem]( It's time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to reflect real-world risks and a tiered verification process to establish potential impact could slow misleading submissions. [Preparing Your Organization for Upcoming Cybersecurity Deadlines]( Federal and state regulators have introduced new rules and mandates aimed at holding organizations accountable when it comes to cybersecurity. Here's how to get ready. [Name That Toon: Buzz Kill]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [New Mindset Needed for Large Language Models]( With the right mix of caution, creativity, and commitment, we can build a future where LLMs are not just powerful, but also fundamentally trustworthy. [MORE]( PRODUCTS & RELEASES [VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem]( [BforeAI Launches PreCrime™ Guarantee Program for Seamless Cyber Risk Coverage]( [NRECA Signs MOU With Electricity Information Sharing and Analysis Center]( [Digital Twin Technology Can Improve Water Utility Management, Says Info-Tech Research Group]( [Concentric AI to Unveil Data Security Remediation and Compliance Reporting Capabilities at Infosecurity Europe 2024]( [SOCRadar Secures $25.2M in Funding to Combat Multibillion-Dollar Cybersecurity Threats]( [Bugcrowd Acquires Informer to Enhance Attack Surface Management, Penetration Testing]( [Research From Claroty's Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft's 'Recall' Feature Draws Criticism From Privacy Advocates]( Despite Microsoft's reassurances, multiple security researchers describe the technology as problematic for users and their organizations. LATEST FROM THE EDGE [9 Tips to Avoid Burnout in Cybersecurity]( When security professionals are at the end of their rope — feeling both mentally and physically exhausted — it's often because of burnout. Here are ways to combat it. LATEST FROM DR TECHNOLOGY [Snowflake's Anvilogic Investment Signals Changes in SIEM Market]( Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC tools. LATEST FROM DR GLOBAL [Pakistani 'Transparent Tribe' APT Aims for Cross-Platform Impact]( Targeting India's government, defense, and aerospace sectors, the cyber-threat group now attacks Linux as well as Windows in its quest to compromise the Indian military's homegrown MayaOS Linux systems. WEBINARS - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( - [Assessing Software Supply Chain Risk]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [Shining a light in the dark: observability and security, a SANS profile]( - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123754&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.30.24&sp_cid=53714&utm_content=DR_NL_Dark%20Reading%20Weekly_05.30.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#3b If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)