Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more. [TechWeb]( Follow Dark Reading: [RSS]( August 04, 2022 LATEST SECURITY NEWS & COMMENTARY [Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks]( SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more. [How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes]( Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT. [American Express, Snapchat Open-Redirect Vulnerabilities Exploited in Phishing Scheme]( Phishing operators are taking advantage of security bugs in the Amex and Snapchat websites (the latter is unpatched) to steer victims to phishing pages looking to harvest Google and Microsoft logins. [School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project]( The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times. [5 Ways Chess Can Inspire Strategic Cybersecurity Thinking]( Rising interest in chess may feed the next generation of cybersecurity experts. [Zero-Day Defense: Tips for Defusing the Threat]( Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust. [Cyberattackers Drain Nearly $6M From Solana Crypto Wallets]( So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk]( To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control. [For Big Tech, Neutrality Is Not an Option — and Never Really Was]( Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out. [8 Hot Summer Fiction Reads for Cybersecurity Pros]( A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts. [MORE]( EDITORS' CHOICE [Thousands of Mobile Apps Leaking Twitter API Keys]( New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year. LATEST FROM THE EDGE [What Do All of Those Cloud Cybersecurity Acronyms Mean?]( Acronyms serve as a gatekeeper — if you don't sling the lingo, you don't belong. So here's a quick guide to the letter salad of cloud cybersecurity. LATEST FROM DR TECHNOLOGY [Startup Footprint Tackles Identity Verification]( Early-stage startup Footprint's goal is to provide tools that change how enterprises verify, authentication, authorize, and secure identity. WEBINARS - [Malicious Bots: What Enterprises Need to Know]( Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ... - [How Supply Chain Attacks Work - And What You Can Do to Stop Them]( The headline-making attack against Solarwinds sent a shockwave through the world and had many security and business leaders reexamining the security of their own supply chains. In a supply chain - or third party - attack, criminals infiltrate and disrupt ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [6 Elements of a Solid IoT Security Strategy]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Sumo Logic for Continuous Intelligence]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [Endpoint Detection Net Suite Use Cases]( - [Optimizing Endpoint Protection]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Druva Introduces the Data Resiliency Guarantee of up to $10 Million]( [ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO]( [Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform]( [Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals]( [CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Career]( [From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)