August 29, 2024
LATEST SECURITY NEWS & COMMENTARY
[PoC Exploit for Zero-Click Vulnerability Made Available to the Masses](
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
[Hitachi Energy Vulnerabilities Plague SCADA Power Systems](
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.
[CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet](
CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
[NFC Traffic Stealer Targets Android Users & Their Banking Info](
The malware builds on a near-field communication tool in combination with phishing and social engineering to steal cash.
[Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs](
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.
[Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking](
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
[Slack Patches AI Bug That Let Attackers Steal Data From Private Channels](
A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate.
[NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents](
The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure.
[C-Suite Involvement in Cybersecurity Is Little More Than Lip Service](
Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity.
[Why End of Life for Applications Is the Beginning of Life for Hackers](
In the next year, more than 35,000 applications will move to end-of-life status. To manage risk effectively, we need to plan ahead.
[Aggressively Monitoring for Changes Is a Key Aspect of Cybersecurity](
Employees and management must fully support change detection and file integrity monitoring, allowing a proactive approach with definitive security controls to be implemented against threat actors.
HOT TOPICS
[Why LLMs Are Just the Tip of the AI Security Iceberg](
With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact.
[Name That Toon: Security Games](
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
[Why Every Business Should Prioritize Confidential Computing](
Confidential computing safeguards data in use, making it a crucial component of cloud security.
[Critical Thinking AI in Cybersecurity: A Stretch or a Possibility?](
It might still sound far-fetched to say AI can develop critical thinking skills and help us make decisions in the cybersecurity industry. But we're not far off.
PRODUCTS & RELEASES
[Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group](
[77% of Educational Institutions Spotted a Cyberattack Within the Last 12 Months](
[Malicious Links, AI-Enabled Tools, and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report](
EDITORS' CHOICE
[Patch Now: Second SolarWinds Critical Bug in Web Help Desk](
The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software.
LATEST FROM THE EDGE
[News Desk 2024: Hacking Microsoft Copilot Is Scary Easy](
As enterprises around the world embrace Microsoft's AI assistant, researcher Michael Bargury warns its security is lacking. Check out his News Desk interview during Black Hat USA.
LATEST FROM DR TECHNOLOGY
[Dragos Expands Asset Visibility in Latest Platform Update](
The latest release of the Dragos Platform provides industrial and critical infrastructure organizations with a complete and enriched view of their OT environment.
LATEST FROM DR GLOBAL
[South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel](
The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.
WEBINARS
- [Harnessing the Power of Automation to Boost Enterprise Cybersecurity](
- [The Rise of AI-Powered Malware and Application Security Best Practices](
WHITE PAPERS
- [5 Essential Insights into Generative AI for Security Leaders](
- [How to Use Threat Intelligence to Mitigate Third-Party Risk](
- [OT Threat Intelligence Report: Fuxnet ICS Malware](
- [Tracking the Untrackable: Taking a Proactive Approach to Emerging Risks](
- [IT Risk & Compliance Platforms: A Buyer's Guide](
- [Threat Hunting in the Cloud: Adapting to the New Landscape](
- [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights](
FEATURED REPORTS
- [Threat Hunting's Evolution: From On-Premises to the Cloud](
- [State of Enterprise Cloud Security](
- [2024 InformationWeek US IT Salary Report](
Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA