New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days

Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate. [TechWeb]( Follow Dark Reading: [RSS]( December 01, 2022 LATEST SECURITY NEWS & COMMENTARY [New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days]( Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate. [Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE]( Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit. [Google TAG Warns on Emerging Heliconia Exploit Framework for RCE]( The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox. [Nvidia GPU Driver Bugs Threaten Device Takeover & More]( If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more. [The Evolution of Business Email Compromise]( The simplicity and profitability of these attacks continue to appeal to threat actors a decade later. [How Banks Can Upgrade Security Without Affecting Client Service]( New protective measures work behind the scenes, with little impact on the customer experience. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw]( The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product. [CISA's Strategic Plan Is Ushering in a New Cybersecurity Era]( Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience. [Why the Culture Shift on Privacy and Security Means Today's Data Looks Different]( A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities. [MORE]( EDITORS' CHOICE [Acer Firmware Flaw Lets Attackers Bypass Key Security Feature]( The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware. LATEST FROM THE EDGE [How to Use Cyber Deception to Counter an Evolving and Advanced Threat Landscape]( Organizations must be prepared to root out bad actors by any means possible, even if it means setting traps and stringing lures. LATEST FROM DR TECHNOLOGY [CI Fuzz CLI Brings Fuzz Testing to Java Applications]( CI Fuzz CLI, the open source fuzzing tool with just three commands, integrates fuzz testing directly into the software development workflow. WEBINARS - [Cloud Security Essentials]( The pandemic accelerated cloud technology adoption to better support and streamline remote workers, but going to the cloud is not just a set-it-and-forget-it strategy for security. The potential attack surface actually expands with the cloud, and without the proper controls ... - [Seeing Your Attack Surface Through the Eyes of an Adversary]( The best way to manage exposure, reduce risk, and improve your security posture is to understand your attack surface through the eyes of an attacker. Cortex Xpanse provides automated Attack Surface Management with an agentless implementation. Xpanse scans the entirety ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [How Hybrid Work Fuels Ransomware Attacks]( - [Your Digital Transformation Is Being Sabotaged - The Surprising Impact of Sophisticated Bots]( - [BotGuard for Streaming Service Case Study]( - [BotGuard for Applications Higher Education Case Study]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [2022 State of Network Management (a $499 Value FREE)]( We surveyed networking professionals about their networking budgets, spending priorities, and concerns. Find out how big of a role security is playing and how they plan to address it. Download the report today! [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [SPHERE Receives $31M for Series B Funding From Edison Partners, Forgepoint Capital]( [Identity Digital Releases Its First DNS Anti-Abuse Report]( [Delinea Introduces Granular Privileged Access Controls on Servers]( [CyberRatings.org Revives NSS Labs Research]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Creating an Effective Incident Response Plan]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)