Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed

In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518. [TechWeb]( Follow Dark Reading: [RSS]( November 06, 2023 LATEST SECURITY NEWS & COMMENTARY [Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed]( In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518. [Okta Customer Support Breach Exposed Data on 134 Companies]( 1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says. [Ace Hardware Still Reeling From Weeklong Cyberattack]( Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches. ['KandyKorn' macOS Malware Lures Crypto Engineers]( Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware. [Somebody Just Killed the Mozi Botnet]( The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear. [Ransomware Readiness Assessments: One Size Doesn't Fit All]( Tailored ransomware readiness assessments help organizations develop comprehensive response plans that minimize damage and restore operations quickly. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Okta Data Compromised Through Third-Party Vendor]( After 1Password, MGM, and Caesars, yet more cybersecurity woes mount for the identity and access management company. [Threat Prevention Begins With IT & Security Team Collaboration]( As cyber threats evolve, so does the shared responsibility mindset that calls for IT and security to work in tandem. ['Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet]( The government-backed APT's new malware framework represents a step up in Iran's cyber sophistication. [Middle East Advances in Generative AI Hold Promise]( Gulf countries are heavily invested in GenAI, but security is still a concern. [MORE]( EDITORS' CHOICE [Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware]( More than 3,000 systems are exposed and vulnerable to attack on the Internet. LATEST FROM THE EDGE [To Improve Cyber Defenses, Practice for Disaster]( Trained teams can implement and test security measures and protocols to prevent and mitigate cyber breaches. LATEST FROM DR TECHNOLOGY [New Index Finds AI Models Are Murky, Not Transparent At All]( Despite the growing demand for AI transparency, 10 of the better-known models did not score very highly on Stanford's new Foundation Model Transparency Index. LATEST FROM DR GLOBAL [Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons]( Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users. WEBINARS - [Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing]( Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ... - [Building an Effective Active Directory Security Strategy]( For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [Everything You Need to Know About DNS Attacks]( - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear]( [ReasonLabs Unveils RAV VPN for Apple iOS]( [Proofpoint Signs Definitive Agreement to Acquire Tessian]( [Graylog Secures $39 Million Investment to Accelerate Growth and Security Product Line Expansion]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Tips for a Streamlined Transition to Zero Trust]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119117&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_11.06.23&sp_cid=50388&utm_content=DR_NL_Dark%20Reading%20Daily_11.06.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#d0 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)