Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised

Many organizations have failed to patch a critical zero-day vulnerability, allowing hackers to install Web shells on hundreds of endpoints. [TechWeb]( Follow Dark Reading: [RSS]( August 09, 2023 LATEST SECURITY NEWS & COMMENTARY [Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised]( Many organizations have failed to patch a critical zero-day vulnerability, allowing hackers to install Web shells on hundreds of endpoints. [TUNE IN Dark Reading News Desk: Live at Black Hat USA 2023]( Watch Dark Reading News Desk live from Black Hat USA 2023, starting at 10 a.m. PT. [Microsoft Fixes 74 CVEs in August Update]( Attackers are already exploiting one of Microsoft's latest fixes in the wild. [Custom Yashma Ransomware Crashes Into the Scene]( The threat actor is targeting organizations in Bulgaria, China, Vietnam, and various English-speaking nations. [Attacker Breakout Time Shrinks Again, Underscoring Need for Automation]( Just 79 minutes — that's how long it takes attackers to move from an initial compromise to extending their infiltration of a firm's network. [Russian Rocket Bureau Faces Cyber-Espionage Breach, North Korea Responsible]( Whether or not North Korea used information gathered from its cyber-espionage teams in this breach to build up its own military technology is unknown. [India Data Protection Bill Approved, Despite Privacy Concerns]( Opponents claim the new bill hinders right to information, while there are concerns on data transfers outside the country. [10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance]( More-effective cyber-risk management controls can help bolster a company's policy worthiness. Start with these 10 tips to manage risk as underwriter requirements get more sophisticated. [The Problem With Cybersecurity (and AI Security) Regulation]( Are we really improving security, or are we just imposing more regulation? [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits]( Threat actors such as the operators of the Cl0p ransomware family increasingly exploit unknown and day-one vulnerabilities in their attacks. [Selling Software to the US Government? Know Security Attestation First]( Challenging new safety requirements are needed to improve security and work toward a more secure future. [Apple Users See Big Mac Attack, Says Accenture]( Accenture's Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue. [MORE]( EDITORS' CHOICE [Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics]( The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advance obfuscation methods. LATEST FROM THE EDGE [Name That Edge Toon: How Now?]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Analyzing Network Chaos Leads to Better DDoS Detection]( Suspicious changes in entropy allow researchers to more accurately spot distributed denial-of-service attacks, but false positives remain a problem. LATEST FROM DR GLOBAL [Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications]( Further TETRA-related vulnerabilities have been disclosed in base stations that run and decrypt the worldwide communications protocol for industrial systems. WEBINARS - [The Dark Side of AI: Unmasking its Threats and Navigating the Shadows of Cybersecurity in the Digital Age]( Artificial Intelligence has come roaring to the forefront of today's technology landscape. It has revolutionized industries and will modernize careers, bringing numerous benefits and advancements to our daily lives. However, it is crucial to recognize that AI also introduces unseen ... - [Where and When Automation Makes Sense For Enterprise Cybersecurity]( A shortage of skilled IT security professionals has made it tempting to try to automate everything. But security teams have to be able to determine which tasks are safe to automate. How does emerging automation technology work, and how can ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware]( - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [75% of Organizations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices]( [zkPass Secures $2.5M in Seed Funding to Safeguard User Privacy and Data]( [Brillio Partners With Google Cloud to Build Generative AI Solutions for the Financial Services and Healthcare Industries]( [Akamai Research: Rampant Abuse of Zero-Day and One-Day Vulnerabilities Leads to 143% Increase in Victims of Ransomware]( [SecurityScorecard Launches Managed Cyber Risk Services to Mitigate Zero-Day and Critical Supply Chain Vulnerabilities]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Secrets of Successful SecOps Data Analytics]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=117656&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.09.23&sp_cid=49442&utm_content=DR_NL_Dark%20Reading%20Daily_08.09.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#c2 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)