Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug

A vulnerability with a 9.8 CVSS rating in IBM's widely deployed Aspera Faspex offering is being actively exploited to compromise enterprises. [TechWeb]( Follow Dark Reading: [RSS]( March 30, 2023 LATEST SECURITY NEWS & COMMENTARY [Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug]( A vulnerability with a 9.8 CVSS rating in IBM's widely deployed Aspera Faspex offering is being actively exploited to compromise enterprises. [Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire]( With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns. [Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare]( Indicators point to Twitter's source code being publicly available for around three months, offering a developer security object lesson for businesses. [Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter]( Elon Musk, Steve Wozniak, and Andrew Yang are among more than 1,000 tech leaders asking for time to establish human safety parameters around AI. [7 Women Leading the Charge in Cybersecurity Research & Analysis]( From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands. [Millions of Pen Tests Show Companies' Security Postures Are Getting Worse]( A lack of website protections, Sender Policy Framework (SPF) records, and DNSSEC configurations leave companies open to phishing and data exfiltration attacks. [Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds]( A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans. [Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month]( A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language. [Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw]( After several weeks and more than 130 ransomware victims, GoAnywhere parent company Forta issues a statement. [CISA Releases Hunt Tool for Microsoft's Cloud Services]( CISA released the hunt and response tool to help defenders extract cloud artifacts without performing additional analytics. [MacStealer Malware Plucks Bushels of Data From Apple Users]( A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest]( In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest. [MITRE Rolls Out Supply Chain Security Prototype]( Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services. [Chinese Warships Suspected of Signal-Jamming Passenger Jets]( Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service. [MORE]( EDITORS' CHOICE [Name That Toon: It's E-Live!]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM THE EDGE [How CISOs Can Work With the CFO to Get the Best Security Budget]( CISOs can and should push back when they're presented with budget costs that affect the business. Here's how. LATEST FROM DR TECHNOLOGY [Drive to Pervasive Encryption Boosts Key Management]( Key vaults, aka key-management-as-a-service (KMaaS), promise to allow companies to encrypt sensitive data across cloud and third parties with granular control. WEBINARS - [How to Launch a Threat Hunting Program]( Security teams need to be more proactive about finding threats before they can cause too much damage. How do these enterprises build threat hunting programs? What stakeholders needs to be involved? What skills are necessary for the threat hunting team? ... - [ChatGPT: Defending Your Business Against AI-Supercharged Ransomware]( This webinar will dig into the ways criminals are projected to take advantage of ChatGPT and other AI tools to improve the reach and effectiveness of their ransomware attacks. The session will conclude with a review of a 12-step plan ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Essential Guide to Secure Web Gateway]( - [Securing OT, Remote Access and Converged SOC Operations]( - [IT/OT Convergence Enables Security Operations Synergies]( - [Top Three Considerations To Build, Deploy, and Run Your Application Journey]( - [Cloud Journey Adoption Stage: Securing Hybrid and Multi-cloud Environments]( - [Attack Surface Management v2.0 by Brad LaPorte]( - [State of Enterprise Cybersecurity: Invest Now, or Pay Big Later]( [View More White Papers >>]( FEATURED REPORTS - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats]( [Bitwarden Announces Secrets Management With a Combination of Open Source, End-to-End Encryption, and Ease of Use]( [CyberSecure Announces Strategic Alliance]( [Vectra Unifies AI-Driven Behavior-Based Detection and Signature-Based Detection]( [Kaspersky Survey Finds One in Three Users Have Experienced CryptoTheft]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)