Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication. [TechWeb]( Follow Dark Reading: [RSS]( October 17, 2023 LATEST SECURITY NEWS & COMMENTARY [Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit]( No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication. [Malicious 'Airstrike Alert' App Targets Israelis]( A spoofed version of the popular RedAlert app collects sensitive user data on Israeli citizens, including contacts, call logs, SMS account details, and more. [Pro-Israeli Hacktivist Group 'Predatory Sparrow' Reappears]( It's been a year since its last communication and attack on Iran — but the conflict with Hamas appears to have reactivated the group. ['RomCom' Cyber Campaign Targets Women Political Leaders]( A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware. [How Data Changes the Cyber-Insurance Market Outlook]( By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away. [Name That Toon: Modern Monarchy]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [(Sponsored Article) Addressing AI and Security Challenges With Red Teams: A Google Perspective]( Red Teams can help organizations better understand vulnerabilities and secure critical AI deployments. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure]( CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead. [How MOVEit Is Likely to Shift Cyber Insurance Calculus]( Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say. [What the Hollywood Writers Strike Resolution Means for Cybersecurity]( The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals. [MORE]( EDITORS' CHOICE [ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic]( The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach involving Hex IP addresses. LATEST FROM THE EDGE [Security Must Empower AI Developers Now]( Enterprises need to create a secure structure for tracking, assessing, and monitoring their growing stable of AI business apps. LATEST FROM DR TECHNOLOGY [5 Ways Hospitals Can Help Improve Their IoT Security]( HIPAA compliance does not equal security, as continuing attacks on healthcare organizations show. Medical devices need to be secured. LATEST FROM DR GLOBAL [Gaza Conflict Paves Way for Pro-Hamas Information Operations]( Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on. WEBINARS - [The Enterprise View to Cloud Security]( Today's enterprises may have dozens and dozens of cloud applications and services running in their environment. Enterprises need to coordinate security, manage privileges and access, and handle incident response - the service provider will do only so much. In this ... - [DevSecOps for Mobile App Development]( Baking security into applications earlier in the software development lifecycle has become the mantra of the enterprise today, with software development and security teams working closely together to ensure more secure coding throughout the development process to ensure safer and ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Appdome Announces Attack Evaluation Tools in Digital Economy's Mobile XDR]( [Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group's Report Indicates]( [DigiCert Announces Comprehensive Discovery of Cryptographic Assets]( [WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Secrets of Successful SecOps Data Analytics]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118777&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.17.23&sp_cid=50157&utm_content=DR_NL_Dark%20Reading%20Daily_10.17.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#a7 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)