The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs. [TechWeb]( Follow Dark Reading:
[RSS](
June 10, 2024 LATEST SECURITY NEWS & COMMENTARY [SolarWinds Flaw Flagged by NATO Pen Tester](
The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs.
[GitHub Repos Targeted in Cyber-Extortion Attacks](
Since at least February, a threat actor has been attempting to extort victims by stealing or wiping data in their GitHub repositories.
[Hotel Check-in Kiosks Expose Guest Data, Room Keys](
CVE-2024-37364 affects hospitality kiosks from Ariane Systems, which are used for self-check-in at more than 3,000 hotels worldwide.
[CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways](
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering.
['Sticky Werewolf' APT Stalks Aviation Sector](
The pro-Ukranian group has upgraded its infection chain, with credentials, strategic info on commercial pilots, or billion-dollar designs as the possible prizes.
[Developing a Plan to Respond to Critical CVEs in Open Source Software](
Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response.
[(Sponsored Article) Yes, You Can Manage AppSec at Scale â Here's How](
Managing AppSec risk at scale is difficult but not impossible. You just need the right priorities, the right tools, and the right people. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Understanding Security's New Blind Spot: Shadow Engineering]( In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it.
[Attacks Surge on Check Point's Recent VPN Zero-Day Flaw]( One monitoring firm has detected exploitation attempts targeting CVE-2024-24919 from more than 780 unique IP addresses in the past week.
['Commando Cat' Digs Its Claws Into Exposed Docker Containers]( Attackers are taking advantage of misconfigured containers to deploy cryptocurrency mining software.
[Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments]( Novel attack vector uses a custom shell for payload delivery and execution â and only goes after systems with administrative privileges. [MORE]( PRODUCTS & RELEASES [Cloud Security Alliance Survey Finds 70% of Organizations Have Established Dedicated SaaS Security Teams]( [EV Manufacturer BYD Selects Karamba Security to Meet Global Automotive Cybersecurity Regulations]( [ISC2 Provides Opportunity for Employers to Connect With Cybersecurity Job Seekers]( [Notable Capital Launches Rising in Cyber to Spotlight Promising Cybersecurity Startups](
[MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Technology, Regulations Can't Save Orgs From Deepfake Harm](
Monetary losses, reputational damage, share price declines â it's hard to counter, much less try to stay ahead of, AI-based attacks. LATEST FROM THE EDGE [Cybersecurity Job Hunting May Come Down to Certifications](
If current cybersecurity workers only fill 85% of the need in the US, why are so many people still looking for positions? The data from the private-public NIST partnership CyberSeek offers some insight. LATEST FROM DR TECHNOLOGY [NIST Commits to Plan to Resume NVD Work](
The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and a partnership with CISA. LATEST FROM DR GLOBAL [Governments, Businesses Tighten Cybersecurity Around Hajj Season](
While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec](
- [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights](
- [5 Essential Insights into Generative AI for Security Leaders](
- [SecOps Checklist](
- [Shining a light in the dark: observability and security, a SANS profile](
- [Shining a light in the dark: observability and security, a SANS profile](
- [Elastic named a Leader in The Forrester Waveâ¢: Security Analytics Platforms, Q4 2022](
- [A Short Primer on Container Scanning]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report](
- [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity](
- [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123975&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.10.24&sp_cid=53902&utm_content=DR_NL_Dark%20Reading%20Daily_06.10.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#1e
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)