Akira Ransomware Actors Exploit SonicWall Bug for RCE

CISA has added CE-2024-40766 to its Known Exploited Vulnerabilities catalog. [TechWeb]( Follow Dark Reading: [RSS]( September 10, 2024 LATEST SECURITY NEWS & COMMENTARY [Akira Ransomware Actors Exploit SonicWall Bug for RCE]( CISA has added CE-2024-40766 to its Known Exploited Vulnerabilities catalog. [Gallup Poll Bugs Open Door to Election Misinformation]( Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account. [300K Victims' Data Compromised in Avis Car Rental Breach]( Though the company reports that data was exfiltrated in the breach, it has been remained tightlipped regarding the kind of data that was exposed. [Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets]( A PRC threat cluster known as "Crimson Palace" is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain. [How to Establish & Enhance Endpoint Security]( Endpoint security has been around for decades, but changes in device use and the quick evolution of new attacks have triggered the development of new security techniques. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Feds Warn on Russian Actors Targeting Critical Infrastructure]( In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine. [Using Transparency & Sharing to Defend Critical Infrastructure]( No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats [Commercial Spyware Use Roars Back Despite Sanctions]( Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use. [Malvertising Campaign Builds a Phish for Lowe's Employees]( Retail employees are being duped into divulging their credentials by typosquatting malvertisements. [The Role of Trust Anchors in Modern IT Security]( To fully realize the benefits trust anchors provide, organizations need to implement processes and technologies that maintain the privacy and security of trust anchors and the personal data they contain. [MORE]( PRODUCTS & RELEASES [HackerOne Appoints Kara Sprague As CEO]( [Kiteworks Bolsters Its Secure Data Collection Capabilities With 123FormBuilder Acquisition]( [Palo Alto Networks® Closes Acquisition of IBM's QRadar SaaS Assets]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Cybersecurity Talent Shortage Prompts White House Action]( The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed. LATEST FROM THE EDGE [10 Writing Tips for Cybersecurity Professionals]( It takes more than technical knowledge to write about cybersecurity in a way people want to read. It takes creativity, discipline, and other key skills. LATEST FROM DR TECHNOLOGY [Open Source Tool Allows Voters to Verify Election Results]( The ElectionGuard project allows anyone — voters, campaign staffers, and election officials — to cryptographically verify ballots, a promise that may bolster faith in election integrity. LATEST FROM DR GLOBAL ['TIDrone' Cyberattackers Target Taiwan's Drone Manufacturers]( The Chinese-speaking group is launching sophisticated malware towards military and satellite targets globally. WEBINARS - [DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations]( - [Harnessing the Power of Automation to Boost Enterprise Cybersecurity]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [RevealX Catches Ransomware Within Days of Deployment at WCH]( - [Purple AI Datasheet]( - [SANS Security Awareness Maturity Model]( - [The Future of Passwords and the Passwordless Evolution]( - [Ten Elements of Insider Risk in Highly Regulated Industries]( - [OT Threat Intelligence Report: Fuxnet ICS Malware]( - [Tracking the Untrackable: Taking a Proactive Approach to Emerging Risks]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125590&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.10.24&sp_cid=55007&utm_content=DR_NL_Dark%20Reading%20Daily_09.10.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#08 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)