Apache Commons Vulnerability: Patch but Don't Panic

Experts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen. [TechWeb]( Follow Dark Reading: [RSS]( October 20, 2022 LATEST SECURITY NEWS & COMMENTARY [Apache Commons Vulnerability: Patch but Don't Panic]( Experts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen. [China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs]( The Winnti APT was spotted dropping several variants of Spyder Loader and other malware as part of the so-called Operation Cuckoobees. [Microsoft Customer Data Exposed by Misconfigured Server]( The data exposure was the result of an "unintentional misconfiguration on an endpoint" and not a security vulnerability, Microsoft said. [A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams]( Why — and how — companies should consider shifting day-to-day security responsibilities out to operations teams. The move would elevate the team's level of decision-making and help address the challenge of finding professionals with security-specific credentials. [SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain]( We need more than the incomplete snapshot SBOMs provide to have real impact. [Emotional Toll From Cyberattacks Can Linger Among Staff for Years]( Research shows 1 in 7 employees involved in a cyberattack exhibits clinical trauma symptoms months after the incident. [Scammers Targeting Those Seeking Student Loan Forgiveness]( FBI warns that cybercriminals are stealing personal information by posing as administrators of the Student Loan Debt Relief Plan. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISA Offers Free RedEye Analytics Tool for Red Teams]( The tool helps red teams manage their activities, analyze the data from their campaigns, create reports, and better present results to organizations. [Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders]( With the IT universe expanding, collaboration, thoughtfulness, and discipline can ensure a more secure future. [4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap]( A cross-disciplinary effort of change is needed to attract new professionals in the coming decade. [MORE]( EDITORS' CHOICE [Phishing Mitigation Can Cost Businesses More Than $1M Annually]( One of the oldest tactics in cybercrime is still one of the most widely feared — and with good reason, as campaigns are expected to increase and become more sophisticated over the next 12 months. LATEST FROM THE EDGE [What Fast-Talkers Can Teach Us About Vetting Vendors]( Here's how to differentiate vendors that can back up their words with solutions and those that cannot. LATEST FROM DR TECHNOLOGY [Security Awareness Urged to Grow Beyond Compliance]( Increasingly vendors are looking for ways to take security awareness beyond checkbox compliance courses to more context-dependent interactions — a "shift left" to the average worker. WEBINARS - [Next-Gen Security Operations: Building the SOC of the Future]( What does a security operations center (SOCs) require in 2022? The practice of monitoring and responding to threats looks very different today than it did just a few years ago. Which tools and skills do you need know to outfit a ... - [Understanding Cyber Attackers & Their Methods]( Every day, your enterprise is at risk of being hacked. But just who are the cyber attackers, and what are their motivations? What methods might they use to crack enterprise data, and how do they stage their attacks? Do you ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [Why Legacy Point Tools Are Failing in Today's Environment]( - [BotGuard for Streaming Service Case Study]( - [The Ultimate Buyer's Guide: SASE Security]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [6 Elements of a Solid IoT Security Strategy]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Zscaler Advances Enterprise Data Security With Zero-Configuration Data Protection]( [Kaspersky Launches New VPN to Amplify Speed and Convenience]( [RCS Secure Catches Its Next Big Wave]( [GroupSense Delivers New Ransomware Negotiation Training Service]( [DigiCert Appoints Industry Veteran Amit Sinha as Chief Executive Officer]( [GitGuardian Extends Code Security Platform, Adding Infrastructure-as-Code Scanning for Security Misconfigurations]( [Revelstoke Teams Up With BreachRx, Offering Users Automated Incident Response and Compliance Solutions]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building the SOC of the Future]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)