October 23, 2023

LATEST SECURITY NEWS & COMMENTARY

Cisco Finds New Zero-Day Bug, Pledges Patches in Days
A patch for the max-severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat.

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
SolarWinds' access controls contain five high-severity and three critical-severity security vulnerabilities that need to be patched yesterday.

Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.

More Okta Customers Hacked
Attackers compromised customer support files containing cookies and session tokens, which could result in malicious impersonation of valid Okta users.

Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid
To make cybersecurity an organizationwide priority, CISOs must avoid these common input, empathy, and alignment obstacles.

DoD Gets Closer to Nominating Cyber Policy Chief
Though there is speculation regarding potential candidates, the Department of Defense will likely not nominate someone in the near term.

HOT TOPICS

Patch Now: APTs Continue to Pummel WinRAR Bug
State-sponsored cyber-espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.

The Trifecta of Consumer Data Privacy: Education, Advocacy & Accountability
It's time to build a culture of privacy, one that businesses uphold.

Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems
The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.

The Need for a Cybersecurity-Centric Business Culture
Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message.

North Korea's Kimsuky Doubles Down on Remote Desktop Control
The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.

EDITORS' CHOICE

9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month
If we really want to move the dial on security habits, it's time to think beyond phishing tests. Our panel of CISOs and other security heavy-hitters offer expert tips that go beyond the obvious.

LATEST FROM THE EDGE

From Snooze to Enthuse: Making Security Awareness Training 'Sticky'
Most companies offer some kind of awareness training these days. But how much of those lessons are employees actually retaining?

LATEST FROM DR TECHNOLOGY

Amazon Quietly Wades Into the Passkey Waters
The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.

LATEST FROM DR GLOBAL

SIM Card Ownership Slashed in Burkina Faso
Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.

WEBINARS

- Building an Effective Active Directory Security Strategy
  For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ...
- Data Analytics That Matter Most to The Modern Enterprise
  Security teams are overwhelmed with incident data, alerts, and log files. Each endpoint and each application generates its own set of data. How do you know which ones are useful? How do you collect, aggregate, and analyze security data so ...

WHITE PAPERS

- The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023
- Threat Intelligence: Data, People and Processes
- Global Perspectives on Threat Intelligence
- Building Cyber Resiliency: Key Strategies for Proactive Security Operations
- Mandiant Threat Intelligence at Penn State Health
- 9 Traits You Need to Succeed as a Cybersecurity Leader
- The Ultimate Guide to the CISSP

FEATURED REPORTS

- The State of Supply Chain Threats
- How to Use Threat Intelligence to Mitigate Third-Party Risk
  The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...
- How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
  Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

PRODUCTS & RELEASES

- AI 'Will Have a Significant Impact on Energy Industry,' EPRI Tells Congress
- Norton Boosts Security and Privacy With Enhanced Password Manager and AntiTrack
- Spec Secures $15M Series A Funding, Accelerating Innovation in Fraud Defense
- Fingerprint Raises $33M in Series C Funding to Accelerate Enterprise Device Intelligence and Fraud Prevention Adoption
- SailPoint Unveils Annual 'Horizons of Identity Security' Report

CURRENT ISSUE

Passwords Are Passe: Next Gen Authentication Addresses Today's Threats

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA