Curl Bug Hype Fizzles After Patching Reveal

Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments. [TechWeb]( Follow Dark Reading: [RSS]( October 12, 2023 LATEST SECURITY NEWS & COMMENTARY [Curl Bug Hype Fizzles After Patching Reveal]( Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments. [Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear]( Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims. [Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware]( A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail. [Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals]( Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter. [Magecart Campaign Hijacks 404 Pages to Steal Data]( The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and it represents an evolution for Magecart. [Data Thieves Test-Drive Unique Certificate Abuse Tactic]( An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks. [One-Click 'Gnome' Exploit Is a Supply Chain Risk for Linux OSes]( An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link. [Adobe Acrobat Reader Vuln Now Under Attack]( CISA flags use-after-free bug now being exploited in the wild. [Addressing a Breach Starts With Getting Everyone on the Same Page]( The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align. [Reassessing the Impacts of Risk Management With NIST Framework 2.0]( The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk. [(Sponsored Article) The Need for Speed: When Cloud Attacks Take Only 10 Minutes]( Security sensors are common in the home for both prevention and response in the event something goes wrong. But in the cloud, have you taken the same approach? [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug]( October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons. [Old-School Attacks Are Still a Danger, Despite Newer Techniques]( The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work. [How Keyloggers Have Evolved From the Cold War to Today]( Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever. [MORE]( EDITORS' CHOICE [Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event]( Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption. LATEST FROM THE EDGE [New California Delete Act Tightens Rules for Data Brokers]( Companies with customers in California need to prepare for a new process for demanding deletion of personal data. LATEST FROM DR TECHNOLOGY [Protect AI Releases 3 AI/ML Security Tools as Open Source]( The company released NB Defense, ModelScan, and Rebuff, which detect vulnerabilities in machine learning systems, on GitHub. LATEST FROM DR GLOBAL [Gaza Conflict: How Israeli Cybersecurity Will Respond]( The Israeli-Hamas war will most assuredly impact businesses when it comes to ramped-up cyberattacks. Experts say that Israel's considerable collection of cybersecurity vendors be a major asset on the cyber-front. WEBINARS - [When Tech Converges, Orgs Consolidate: Navigating Change Across your Security Platforms]( Convergence trends across both Web Application and API Protection (WAAP) and Secure Access Service Edge (SASE) are no coincidence. Modern organizations need the multiplicative value these security platform approaches provide, with underlying capabilities that were designed to work together. And ... - [Data Analytics That Matter Most to The Modern Enterprise]( Security teams are overwhelmed with incident data, alerts, and log files. Each endpoint and each application generate its own set of data. How do you know which ones are useful? How do you collect, aggregate, and analyze security data so ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [Cybersecurity in a post pandemic world: A focus on financial services]( [View More White Papers >>]( FEATURED REPORTS - [Everything You Need to Know About DNS Attacks]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive]( [RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund]( [SecTor 2023: Full Schedule Programming for Toronto Event]( [37% Intimidated, 39% Frustrated With Online Security Highlighting Digital Anxiety]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118709&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.12.23&sp_cid=50115&utm_content=DR_NL_Dark%20Reading%20Daily_10.12.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#99 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)