TLS Flaws Leave Avaya, Aruba Switches Open to Complete Takeover

In the latest incarnation of the TLStorm vulnerability, switches from Avaya and Aruba — and perhaps others — are susceptible to compromise from an internal attacker. [TechWeb]( Follow Dark Reading: [RSS]( May 04, 2022 LATEST SECURITY NEWS & COMMENTARY [TLS Flaws Leave Avaya, Aruba Switches Open to Complete Takeover]( In the latest incarnation of the TLStorm vulnerability, switches from Avaya and Aruba — and perhaps others — are susceptible to compromise from an internal attacker. [REvil Revival: Are Ransomware Gangs Ever Really Gone?]( The infamous ransomware group appears to be back from the dead — maybe — and using the old brand, but experts question whether a reconstituted gang will have much success. [Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers]( The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn. [SolarWinds Attackers Gear Up for Typosquatting Attacks]( The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say. [Third-Party App Access Is the New Executable File]( By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data. [Developing Software? Get Accountability Right First]( Software accountability offers a fresh perspective for creating and managing digital products, mainly by making processes more reliable and transparent for every stakeholder. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Google Offers $1.5M Bug Bounty for Android 13 Beta]( The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done. [Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL]( Flaws gave attackers a way to access other cloud accounts and databases, security vendor says. [Security Stuff Happens: What Do You Do When It Hits the Fan?]( Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.) [MORE]( EDITORS' CHOICE [How to Create a Cybersecurity Mentorship Program]( As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams. LATEST FROM THE EDGE [What Should I Know About Defending IoT Attack Surfaces?]( The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point. LATEST FROM DR TECHNOLOGY [Aryaka, Carnegie Mellon’s CyLab to Research New Threat Mitigation Techniques]( The security research partnership will focus on developing new techniques and releasing them as open source. Tech Resources - [Improving Operations with AI-Assisted Cybersecurity]( - [Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity]( - [Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization]( - [Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report]( - [Business Buyers Guide to Password Managers]( - [Build a Case for a Password Manager]( - [The Impact of XDR in the Modern SOC]( [ACCESS TECH LIBRARY NOW]( - [Implementing Zero Trust in Your Enterprise]( Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ... - [Building and Maintaining an Effective IoT Cybersecurity Strategy]( The Internet of Things (IoT) is much bigger than appliances in business contexts, as tools and non-computer devices are increasingly connected to the Internet. And attackers are taking advantage of these Internet-enabled technologies to target corporate data and systems. How ... [MORE WEBINARS]( FEATURED REPORTS - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [MORE REPORTS]( CURRENT ISSUE [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Syxsense Launches Unified Endpoint Security and Management Platform]( [Radware Launches SkyHawk Security, a Spinoff of Its Cloud Native Protector Business]( [Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture Partners]( [OccamSec Unveils New Cybersecurity Platform]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)