Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover

Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers. [TechWeb]( Follow Dark Reading: [RSS]( November 10, 2022 LATEST SECURITY NEWS & COMMENTARY [Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover]( Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers. [Cloud9 Malware Offers a Paradise of Cyberattack Methods]( The Swiss Army knife-like browser extension is heaven for attackers — and can be hell for enterprise users. [Malicious Python Package Relies on Steganography to Download Malware]( The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware. [InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery]( Cyberattackers like IPFS because it is resilient to content blocking and takedown efforts. [Long Island Midterm Votes Delayed Due to Cyberattack Aftereffects]( Suffolk County had to hand deliver voting databases with ballot results to the county election headquarters. [What We Really Mean When We Talk About ‘Cybersecurity’]( A lack of precision in our terminology leads to misunderstandings and confusion about the activities we engage in, the information we share, and the expectations we hold. [A Better Way to Resist Identity-Based Cyber Threats]( New approaches to identity access management are indispensable. [Experian, T-Mobile Pay Up in Multimillion-Dollar Data Breach Settlements]( Massachusetts Attorney General announced settlements across multiple states for damages from Experian's 2012 and 2015 breaches that violated consumer protection and notification laws. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft's Certificate-Based Authentication Enables Phishing-Resistant MFA]( Microsoft added certificate-based authentication (CBA) to the Azure Active Directory to help organizations enable phishing-resistant MFA that complies with US federal requirements. The change paves the way for enterprises to migrate their Active Directory implementations to the cloud. [It's Time to See Cybersecurity Regulation as a Friend, Not a Foe]( There's real value in having a better perspective around future regulation and compliance requirements. [The Shifting Role of the CISO]( My year as a venture capital CISO-in-residence. [MORE]( EDITORS' CHOICE [Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday]( Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours. LATEST FROM THE EDGE [How US Businesses Suffer From the Lack of Personal Data Privacy Laws]( The stalling of federal legislation and the continued expansion of data brokers are fueling a phishing epidemic. LATEST FROM DR TECHNOLOGY [Detecting Malicious User Behavior Within and Across Applications]( The solution lies in analyzing sequences of activities as user journeys, instead of analyzing each activity on its own. WEBINARS - [State of Bot Attacks: What to Expect in 2023]( Malicious bots have moved past distributed denial-of-service and credential-stuffing attacks and are now capable of launching sophisticated attacks such as performing reconnaissance for future attacks, committing shopping cart and ticketing fraud, and engaging in clickjacking. Bot attacks are highly profitable ... - [Understanding Cyber Attackers & Their Methods]( Every day, your enterprise is at risk of being hacked. But just who are the cyber attackers, and what are their motivations? What methods might they use to crack enterprise data, and how do they stage their attacks? Do you ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Addressing Cyber Risk Starts with Understanding Cyber Risk]( - [Why Legacy Point Tools Are Failing in Today's Environment]( - [How Hybrid Work Fuels Ransomware Attacks]( - [Your Digital Transformation Is Being Sabotaged - The Surprising Impact of Sophisticated Bots]( - [BotGuard Supplements CDN and WAF Case Study]( - [Achieve Balanced Security and Performance with Next-Generation Software-Defined WAN]( - [Analyzing the Economic Benefits of Microsoft Defender for IoT]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Compliancy Group Urges Healthcare Organizations to Complete Their HIPAA Security Risk Assessments]( [Research Finds Less Than a Quarter of Organizations Fully Confident Ex-Employees No Longer Have Access to Company Infrastructure]( [Industrial Control Systems (ICS) Security Market Worth $23.7B by 2027, Report Says]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Enterprises Are Attacking the Cybersecurity Problem]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)