SolarWinds Flaw Flagged by NATO Pen Tester

The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs. [TechWeb]( Follow Dark Reading: [RSS]( June 10, 2024 LATEST SECURITY NEWS & COMMENTARY [SolarWinds Flaw Flagged by NATO Pen Tester]( The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs. [GitHub Repos Targeted in Cyber-Extortion Attacks]( Since at least February, a threat actor has been attempting to extort victims by stealing or wiping data in their GitHub repositories. [Hotel Check-in Kiosks Expose Guest Data, Room Keys]( CVE-2024-37364 affects hospitality kiosks from Ariane Systems, which are used for self-check-in at more than 3,000 hotels worldwide. [CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering. ['Sticky Werewolf' APT Stalks Aviation Sector]( The pro-Ukranian group has upgraded its infection chain, with credentials, strategic info on commercial pilots, or billion-dollar designs as the possible prizes. [Developing a Plan to Respond to Critical CVEs in Open Source Software]( Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response. [(Sponsored Article) Yes, You Can Manage AppSec at Scale — Here's How]( Managing AppSec risk at scale is difficult but not impossible. You just need the right priorities, the right tools, and the right people. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Understanding Security's New Blind Spot: Shadow Engineering]( In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it. [Attacks Surge on Check Point's Recent VPN Zero-Day Flaw]( One monitoring firm has detected exploitation attempts targeting CVE-2024-24919 from more than 780 unique IP addresses in the past week. ['Commando Cat' Digs Its Claws Into Exposed Docker Containers]( Attackers are taking advantage of misconfigured containers to deploy cryptocurrency mining software. [Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments]( Novel attack vector uses a custom shell for payload delivery and execution — and only goes after systems with administrative privileges. [MORE]( PRODUCTS & RELEASES [Cloud Security Alliance Survey Finds 70% of Organizations Have Established Dedicated SaaS Security Teams]( [EV Manufacturer BYD Selects Karamba Security to Meet Global Automotive Cybersecurity Regulations]( [ISC2 Provides Opportunity for Employers to Connect With Cybersecurity Job Seekers]( [Notable Capital Launches Rising in Cyber to Spotlight Promising Cybersecurity Startups]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Technology, Regulations Can't Save Orgs From Deepfake Harm]( Monetary losses, reputational damage, share price declines — it's hard to counter, much less try to stay ahead of, AI-based attacks. LATEST FROM THE EDGE [Cybersecurity Job Hunting May Come Down to Certifications]( If current cybersecurity workers only fill 85% of the need in the US, why are so many people still looking for positions? The data from the private-public NIST partnership CyberSeek offers some insight. LATEST FROM DR TECHNOLOGY [NIST Commits to Plan to Resume NVD Work]( The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and a partnership with CISA. LATEST FROM DR GLOBAL [Governments, Businesses Tighten Cybersecurity Around Hajj Season]( While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec]( - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [5 Essential Insights into Generative AI for Security Leaders]( - [SecOps Checklist]( - [Shining a light in the dark: observability and security, a SANS profile]( - [Shining a light in the dark: observability and security, a SANS profile]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [A Short Primer on Container Scanning]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123975&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.10.24&sp_cid=53902&utm_content=DR_NL_Dark%20Reading%20Daily_06.10.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#1e If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)