Microsoft Azure HDInsight Plagued With XSS Vulnerabilities

To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says. [TechWeb]( Follow Dark Reading: [RSS]( September 14, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Azure HDInsight Plagued With XSS Vulnerabilities]( To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says. ['Scattered Spider' Behind MGM Cyberattack, Targets Casinos]( The ransomware group is a collection of young adults, and also recently breached Caesars Entertainment and made a ransom score in the tens of millions range. [When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM']( Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal. [A 2-Week Prescription for Eliminating Supply Chain Threats]( Giving users time to detect and then update hijacked packages can help developers avoid using malicious code in software development. [Federal Mandates on Medical-Device Cybersecurity Get Serious]( In October, the US Food and Drug Administration will start rejecting medical devices that lack a secure design or a post-market cybersecurity plan. [Cybersecurity Skills Gap: Roadies & Gamers Are Untapped Talent]( Gamers and former sound engineers and roadies can help boost the cybersecurity talent pool. Their flexible mindset and attention to detail make them valuable resources. [Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns]( All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds. [Recent Rhysida Attacks Show Focus on Healthcare by Ransomware Actors]( The operators of the Rhysida ransomware-as-a-service have claimed credit for a crippling attack on Mississippi's Singing River health system. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft Patches a Pair of Actively Exploited Zero-Days]( Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now. [Attackers Abuse Google Looker Studio to Evade DMARC, Email Security]( Cyberattackers are tapping the legitimacy of the Web-based data-visualization tool in a campaign aimed at stealing credentials and defrauding hundreds of business users. [Overcoming the Rising Threat of Session Hijacking]( Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened. [MORE]( EDITORS' CHOICE [MGM Resorts Cyberattack Hobbles Las Vegas Strip Operations]( Hospitality behemoth struggles to recover following a Sunday cyber incident that looks a lot like a ransomware attack. LATEST FROM THE EDGE [Rail Cybersecurity Is a Complex Environment]( CISOs in the rail industry must protect an older, more complex infrastructure than most industries. Here are some of the unique, high-stakes challenges. LATEST FROM DR TECHNOLOGY [Microsoft, Google Take on Obsolete TLS Protocols]( Google shortened the lifetime of Transport Layer Security (TLS) certificates, and Microsoft plans to downgrade support for older versions, giving companies more data security but also removing visibility into their own traffic. LATEST FROM DR GLOBAL [Iran's Charming Kitten Pounces on Israeli Exchange Servers]( Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent. WEBINARS - [Cyber Risk Assessment Secrets From the Pros]( Executives want to know whether they should worry about an attack that hit another organization. They worry how safe they are from a breach. But it can be difficult for security teams to quantitatively measure risk, or even say with ... - [Managing Security In a Hybrid Cloud Environment]( Many enterprises have embraced hybrid- and multi-clouds. They spread their workloads across private data centers and public cloud, or across multiple cloud providers. How do you manage security when the tools are all different? How do you enforce security controls ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Intelligence: Data, People and Processes]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Crucial Considerations when Enabling Secure Industrial Digital Transformation]( - [Evaluating SASE for the Work-From-Anywhere Era]( - [Work From Anywhere Doesn't Have to Be Complicated]( - [2023 Work-From-Anywhere Global Study]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( [View More White Papers >>]( FEATURED REPORTS - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Claroty Unveils Vulnerability & Risk Management Capabilities to Elevate Risk Reduction for Cyber-Physical Systems]( [NordVPN Launches Sonar to Prevent Phishing Attacks]( [World Security Report Finds Physical Security Incidents Cost Companies USD $1T in 2022]( [Google and Acalvio Partner to Deliver Active Defense to Protect Customers From Advanced Threats]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Supply Chain Attacks Work, and How to Stop Them]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118195&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.14.23&sp_cid=49811&utm_content=DR_NL_Dark%20Reading%20Daily_09.14.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#33 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)