October 20, 2022
LATEST SECURITY NEWS & COMMENTARY
[Apache Commons Vulnerability: Patch but Don't Panic](
Experts say CVE-2022-42889 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen.
[Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text](
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.
[Phishing Mitigation Can Cost Businesses More Than $1M Annually](
One of the oldest tactics in cybercrime is still one of the most widely feared, and with good reason, as campaigns are expected to increase and become more sophisticated over the next 12 months.
[Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows](
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
[Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments](
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.
[CISA Offers Free RedEye Analytics Tool for Red Teams](
The tool helps red teams manage their activities, analyze the data from their campaigns, create reports, and better present results to organizations.
[Cybersecurity's Hiring Spree Requires a Recruiting Rethink](
Just 65 cybersecurity professionals are in the workforce for every 100 available jobs, new study shows.
[Cyberattackers Spoof Google Translate in Unique Phishing Tactic](
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.
[Microsoft 365 Message Encryption Can Leak Sensitive Info](
The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.
[Signal to Ditch SMS/MMS Messaging on Android](
Main driver for the change: "Plaintext SMS messages are inherently insecure."
[What the Uber Breach Verdict Means for CISOs in the US](
Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.
[Care and Feeding of the SOC's Most Powerful Tool: Your Brain](
Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.
[What You Need for a Strong Security Posture](
From the basics to advanced techniques, here's what you should know.
[A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams](
Why, and how, companies should consider shifting day-to-day security responsibilities out to operations teams. The move would elevate the team's level of decision-making and help address the challenge of finding professionals with security-specific credentials.
[4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap](
A cross-disciplinary effort of change is needed to attract new professionals in the coming decade.
[Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders](
With the IT universe expanding, collaboration, thoughtfulness, and discipline can ensure a more secure future.
HOT TOPICS
[SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain](
We need more than the incomplete snapshot SBOMs provide to have real impact.
[Treat Essential Security Certificates as Valuable Assets](
Manage the company's often-overlooked security certificates as the valuable assets they are, essential for security hygiene and to prevent issues.
EDITORS' CHOICE
[8 Trends Driving Cybersecurity in the Public Sector](
CISOs and security leaders in state and local governments are dealing with increasing threats like ransomware, with varying degrees of cyber maturity.
LATEST FROM THE EDGE
[Apple's Constant Battles Against Zero-Day Exploits](
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.
LATEST FROM DR TECHNOLOGY
[Microsoft Secures Azure Enclaves With Hardware Guards](
Microsoft highlighted emerging confidential computing offerings for Azure during its Ignite conference.
WEBINARS
- [Next-Gen Security Operations: Building the SOC of the Future]( What does a security operations center (SOC) require in 2022? The practice of monitoring and responding to threats looks very different today than it did just a few years ago. Which tools and skills do you need to know to outfit a ...
- [Understanding Cyber Attackers & Their Methods]( Every day, your enterprise is at risk of being hacked. But just who are the cyber attackers, and what are their motivations? What methods might they use to crack enterprise data, and how do they stage their attacks? Do you ...
WHITE PAPERS
- [Understanding the Zero Trust Approach](
- [Why Legacy Point Tools Are Failing in Today's Environment](
- [BotGuard Supplements CDN and WAF Case Study](
- [BotGuard for Applications Higher Education Case Study](
- [Achieve Balanced Security and Performance with Next-Generation Software-Defined WAN](
- [Top Four Steps to Reduce Ransomware Risk](
- [The Ultimate Buyer's Guide: SASE Security](
FEATURED REPORTS
- [Implementing Zero Trust In Your Enterprise: How to Get Started](
- [6 Elements of a Solid IoT Security Strategy](
- [Incorporating a Prevention Mindset into Threat Detection and Response](
PRODUCTS & RELEASES
[GroupSense Delivers New Ransomware Negotiation Training Service](
[ControlMap Announces the Launch of the Trust Portal, Creating Transparency in Cybersecurity Compliance](
[Resistant AI and ComplyAdvantage Launch AI Transaction Monitoring Solution To Combat Fraud and Money Laundering](
[Newly Introduced HackerOne Assets Goes Beyond Attack Surface Management To Close Security Gaps](
[Armis Now Available on Google Cloud Marketplace](
[Nexusguard Research Shows Total Number of DDoS Attacks Increased during First Half of 2022 While Maximum Attack Size Decreased Compared to Second Half of 2021](
[HSBC and Silent Eight Expand Machine Learning Partnership](
[Google Cloud Advances Partnerships with 20-Plus Software Companies Focused on Digital Sovereignty and Cybersecurity](
[GitGuardian Extends Code Security Platform, Adding Infrastructure-as-Code Scanning for Security Misconfigurations](
[Quarter of Healthcare Ransomware Victims Forced to Halt Operations](
[Imprivata Expands Its Integrated Digital Identity Platform to Defragment Identities Across Disparate Applications](
[New Research Report Predicts Blockchain and Quantum Threat Will Quickly Spread Beyond Cybercurrencies; Surge in New Product and Services Opportunities to Come](
[Revelstoke Teams Up With BreachRx, Offering Users Automated Incident Response and Compliance Solutions](
CURRENT ISSUE
[Building the SOC of the Future](
Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA