Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover | Phishers' Microsoft Trick

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment. [TechWeb]( Follow Dark Reading: [RSS]( February 02, 2023 LATEST SECURITY NEWS & COMMENTARY [Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover]( Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment. [Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status]( Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps. [Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms]( An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. [Discrepancies Discovered in Vulnerability Severity Ratings]( Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says. [Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine]( The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations. [Companies Struggle With Zero Trust as Attackers Adapt to Get Around It]( Only one in 10 enterprises will create a robust zero-trust foundation in the next three years, while more than half of attacks won't even be prevented by it, according to Gartner. [Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ]( The US Department of Justice hacked into Hive's infrastructure, made off with hundreds of decryptors, and seized the gang's operations. [Federal Agencies Infested by Cyberattackers via Legit Remote Management Systems]( Hackers don't need a key to get past your defenses if they can essentially teleport using RMMs, warns CISA and the NSA. [Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows]( Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable. [Critical RCE Lexmark Printer Bug Has Public Exploit]( A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers. [3 Ways ChatGPT Will Change Infosec in 2023]( OpenAI's chatbot has the promise to revolutionize how security practitioners work. [Will Cybersecurity Remain Recession-Proof in 2023?]( Demand for skilled professionals will remain high, but cyber budgets will be eaten away. [Organizations Must Brace for Privacy Impacts This Year]( Expect more regulatory and enforcement action in the US and around the world. [Application Security Must Be Nonnegotiable]( Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry]( Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward. [Spotlight on 2023 DevSecOps Trends]( Solutions that provide more actionable results — remediation that frees up engineers, processes which integrate security into software development from its design, along with automation, IAC, and tool consolidation — are among the DevSecOps strategies that will prevail this year. [MORE]( EDITORS' CHOICE [Firmware Flaws Could Spell 'Lights Out' for Servers]( Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access. LATEST FROM THE EDGE [A Child's Garden of Cybersecurity]( Whether you dream of your child becoming a CISO or just want them to improve their security hygiene, consider this roundup of literary geekery. LATEST FROM DR TECHNOLOGY [Software Supply Chain Security Needs a Bigger Picture]( SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the software supply chain. WEBINARS - [Deciphering the Hype Around XDR]( Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ... - [A Roadmap to Zero Trust: Steps for Meaningful Progress Amongst the Hype]( Join this webinar as our Zero Trust experts discuss "quick wins" like: --Enforcing strong multifactor authentication and Zero Trust policies for critical applications. --Closing inbound ports open to the Internet. --Areas not always included in the Zero Trust conversation, like ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Vista Equity Partners Completes Acquisition of KnowBe4]( [Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC]( [Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats]( [Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions]( [Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data]( [KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship]( [ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers]( [Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce]( [New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year]( [SentinelOne and KPMG Announce Alliance To Accelerate Cyber Investigations and Response]( [Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud]( [Fake Texts From the Boss, Bogus Job Postings and Frankenstein Shoppers — Oh My!]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)