Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars. [TechWeb]( Follow Dark Reading: [RSS]( May 16, 2022 LATEST SECURITY NEWS & COMMENTARY [Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning]( A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars. [How to Turn a Coke Can Into an Eavesdropping Device]( Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby. [Black Hat Asia: Democracy's Survival Depends on Taming Technology]( The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China. [CISO Shares Top Strategies to Communicate Security's Value to the Biz]( In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen. [Data Transformation: 3 Sessions to Attend at RSA 2022]( Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation. [US Agrees to International Electronic Cybercrime Evidence Swap]( The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals. [Linux, OpenSSF Champion Plan to Improve Open Source Security]( The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [On the Air With Dark Reading News Desk at Black Hat Asia 2022]( This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews. [Transforming SQL Queries Bypasses WAF Security]( A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls. [Needs Improvement: Scoring Biden's Cyber Executive Order]( One year after it was issued, has President Biden's Cyber Executive Order had an impact? [MORE]( EDITORS' CHOICE [5 Years That Altered the Ransomware Landscape]( WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat. LATEST FROM THE EDGE [Passwords: Do Actions Speak Louder Than Words?]( For most of us, passwords are the most visible security control we deal with on a regular basis, but we are not very good at it. LATEST FROM DR TECHNOLOGY [Google Will Use Mobile Devices to Thwart Phishing Attacks]( In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys. Tech Resources - [Maximize the Human Potential of Your SOC]( - [Modernize your Security Operations with Human-Machine Intelligence]( - [AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks]( - [Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage]( - [The Cyber Threat Impact of COVID-19 to Global Business]( - [Endpoint Strategies to Address Ransomware]( - [6 Emerging Cyber Threats That Enterprises Face in 2020]( [ACCESS TECH LIBRARY NOW]( - [Harnessing the Power of Security Automation]( With many organizations pinched for both dollars and manpower, security and IT teams are turning to a new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. How can companies truly unleash the potential ... - [Implementing Zero Trust in Your Enterprise]( Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ... [MORE WEBINARS]( FEATURED REPORTS - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [MORE REPORTS]( CURRENT ISSUE [Incorporating a Prevention Mindset into Threat Detection and Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Egnyte Enhances Program for Managed Service Providers]( [StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing]( [PlainID Debuts Authorization-as-a-Service Platform]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)