Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn

Even if the security bug is not another Heartbleed, prepare like it might be, they note — it has potentially sprawling ramifications. [TechWeb]( Follow Dark Reading: [RSS]( October 28, 2022 LATEST SECURITY NEWS & COMMENTARY [Prepare Now for Critical Flaw in OpenSSL, Security Experts Warn]( Even if the security bug is not another Heartbleed, prepare like it might be, they note — it has potentially sprawling ramifications. [Cyberattackers Target Instagram Users With Threats of Copyright Infringement]( A novel campaign is using an emerging URL redirection tactic to try to trick business users and others into clicking on an embedded link and giving up credentials. [Cryptojacking, Freejacking Compromise Cloud Infrastructure]( Cybercriminal groups are targeting misconfigured Docker and Kubernetes clusters — or just automating the sign-up process for free trial accounts — to build infrastructure for cryptomining. [Raspberry Robin's Cyber Worm Infects Thousands of Endpoints]( The malware is being used to deliver Clop ransomware, in a vicious spate of October attacks that show an evolution in its methods. [iOS Bug Lets Apps Record Siri Conversations]( Without even asking for permissions, the newly discovered 'SiriSpy' flaw in Apple's iOS Bluetooth access could allow someone to access user interactions with Siri and keyboard-dictation audio. [Google Trumpets US Federal Open Source Security Initiative]( A bipartisan bill aims to create a usable framework for the use of open source components when building applications, which Google is urging the private sector to support. [How to Attract Top Research Talent for Your Bug Bounty Program]( Successful bug bounty programs strike a balance between vendor benefits and researcher incentives. [NY Post Falls Victim to Insider Threat]( A malicious employee was behind hateful, violent messages on the Post's website and Twitter account, the paper has confirmed. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Ransomware Gangs Ramp Up Industrial Attacks in US]( The manufacturing segment was especially hard hit by cyberattacks in the third quarter of 2022. [Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit]( A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws. [Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security]( As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system. [MORE]( EDITORS' CHOICE [7 Hidden Social Media Cyber-Risks for Enterprises]( Leaning on social media to amplify your company's brand? Here's a look at the emerging cybersecurity risks that can arise from TikTok, LinkedIn, Twitter, and other platforms. LATEST FROM THE EDGE [3 Steps Small Businesses Can Take to Prevent Cyberattacks]( Setting priorities for internal security measures and outsourcing complex practices help protect small and midsize businesses. LATEST FROM DR TECHNOLOGY [Apple Launches New Security Research Hub]( Apple engineers share technical details about the team's work on memory safety features on the new Apple Security Research site. WEBINARS - [Analyzing and Correlating Security Operations Data]( Most security operations centers aren't failing because they don't have enough data - they are failing because they have too much data. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that ... - [Building & Maintaining an Effective Incident Readiness and Response Plan]( The cyber attackers hit their mark: now what do you do? Whom do you call first? Do you have a plan to contain the damage, eliminate the threat, avoid destruction of forensic evidence, and keep the business The attackers have ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [State of Ransomware Readiness: Facing the Reality Gap]( - [Understanding the Zero Trust Approach]( - [Addressing Cyber Risk Starts with Understanding Cyber Risk]( - [5 Takeaways from Major Cybersecurity Headlines]( - [Why Legacy Point Tools Are Failing in Today's Environment]( - [How Hybrid Work Fuels Ransomware Attacks]( - [BotGuard for Denial of Inventory & Stockouts]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [6 Elements of a Solid IoT Security Strategy]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Persona Launches Unified Identity Platform to Fight Fraud and Reduce Compliance Risk]( [Cybersecurity Startup Protexxa Raises $4 Million in Seed Funding to Protect Businesses and Individuals Online as Cybercrime Accelerates]( [Worldwide Banking Encryption Software Market to Reach $5.03 Billion by 2030 at a 13% CAGR]( [Netwrix Study: 86% of Cloud Attacks in the Healthcare Sector Result in Financial Losses or Other Damage]( [2022 Advisen-Zurich Survey Illuminates Growing Cybersecurity Concerns]( [OneLayer Opens 5G Security Lab for Network Security Companies to Research Threats to Private Cellular Networks]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building the SOC of the Future]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)