The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say. [TechWeb]( Follow Dark Reading: [RSS]( November 02, 2022 LATEST SECURITY NEWS & COMMENTARY [The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical]( Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say. [Layoffs Mount as Cybersecurity Vendors Hunker Down]( With the vast majority of business leaders expecting a recession in 2023, cybersecurity firms are bolstering their operations and cash flow by laying off workers. [China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor]( The sophisticated and ever-evolving threat known as LodeInfo is being deployed against media, diplomatic, government, public sector, and think-tank targets. [Where Are All of the Container Breaches?]( Containers and their supporting infrastructure are too important to ignore. [How Retailers Can Stay Protected During the Most Wonderful Time of the Year]( Retailers' new holiday jingle must hit cybersecurity high points to help survive the season. Forget Dasher and Dancer — add SAST and DAST to app testing; manage third-party risks; and use MFA along with training and proper authentication to secure credentials. [Bed Bath & Beyond Discloses Data Breach to SEC]( The retailer reported that an employee fell for a phishing scam, allowing malicious actors to access shared drives. [FTC Gives Chegg an 'F' for Careless Cybersecurity Impacting 40M Students]( Ed-tech company Chegg is ordered by FTC to secure its systems after repeated breaches that exposed tens of millions of users' personal data. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Atlassian Vulnerabilities Highlight Criticality of Cloud Services]( Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk. [Does Security Have to Get Worse Before It Gets Better?]( How to solve the software vulnerability problem across the entire SDLC. [7 Hidden Social Media Cyber-Risks for Enterprises]( Leaning on social media to amplify your company's brand? Here's a look at the emerging cybersecurity risks that can arise from TikTok, LinkedIn, Twitter, and other platforms. [MORE]( EDITORS' CHOICE [Patch Now: Dangerous RCE Bug Lays Open ConnectWise Server Backup Managers]( A critical security vulnerability gives attackers a way to compromise thousands of systems at ConnectWise's managed service provider (MSP) customer locations and their downstream clients. LATEST FROM THE EDGE [Name That Edge Toon: Talk Turkey]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Now That EDR Is Obvious, What Comes Next?]( First in our series addressing the top 10 unanswered questions in security: What's going to replace EDR? WEBINARS - [Analyzing and Correlating Security Operations Data]( Most security operations centers aren't failing because they don't have enough data - they are failing because they have too much data. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that ... - [Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker]( Enterprises are increasingly discovering that the best way to expose vulnerabilities in their defenses is to think like an attacker. Penetration testing, red teaming, threat hunting, and other offensive strategies are helping organizations quickly find the holes in their cyber ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Ransomware Is On The Rise]( - [5 Takeaways from Major Cybersecurity Headlines]( - [Why Legacy Point Tools Are Failing in Today's Environment]( - [Why Email Security Is So Valuable For Protecting Against Ransomware]( - [The Threat Landscape HEATs Up with Highly Evasive Adaptive Threats]( - [2022 Cyberthreat Defense Report]( - [ESG: Investing in Incident Readiness]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Network Perception and Check Point Software Technologies Partner to Tighten the Security of OT Firewall Environments]( [Online Holiday Shopping Frenzy: Study Shows 1 in 3 Americans Tend to Take More Risks When Shopping Online During Holiday Season]( [Critical Start® Launches New Managed SIEM Service]( [FitStack, a New Solution For Code and Container Risk Management, Launches With Support From Varsity Venture Studio]( [(ISC)² Expands DEI Initiative with International Partnership Agreements]( [Mercy College Awarded NSA Research Grant to Develop Cybersecurity Technology]( [Kodiak Robotics Hires Former Google Chief Information Security Officer Gerhard Eschelbeck]( [Mission Secure Releases Sentinel 5.0 Platform, Enabling Context-Aware, Zero Trust Security for Critical Infrastructure OT]( [Can You Nudge Employees Toward Better Cybersecurity? New Research Says Yes]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building the SOC of the Future]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)