Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps | Critical Bluetooth Flaw Exposes Devices to Takeover

Four RCE vulnerabilities in Confluence, Jira, and other platforms, allow instance takeover and environment infestation. [TechWeb]( Follow Dark Reading: [RSS]( December 07, 2023 LATEST SECURITY NEWS & COMMENTARY [Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps]( Four RCE vulnerabilities in Confluence, Jira, and other platforms, allow instance takeover and environment infestation. [Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover]( Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard. [Microsoft Is Getting a New 'Outsider' CISO]( Igor Tsyganskiy inherits the high-profile CISO spot in Redmond, while his predecessor, Bret Arsenault, is named chief security adviser. [Simple Hacking Technique Can Extract ChatGPT Training Data]( Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever. [Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs]( Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover. [Meta AI Models Cracked Open With Exposed API Tokens]( Researchers at Lasso Security found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations. [Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks]( Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure. ['AeroBlade' Group Hacks US Aerospace Company]( Aeroblade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data. [23andMe: Data Breach Was a Credential-Stuffing Attack]( The DNA testing company believes that the attack has now been contained and is notifying impacted individuals. [Japan's Space Program at Risk After Microsoft Active Directory Breach]( The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach. [Establishing New Rules for Cyber Warfare]( Why we should applaud the Red Cross's efforts, even if they likely won't work. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [The US Needs to Follow Germany's Attack-Detection Mandate]( A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under the CISA's proposal to emphasize real-time attack detection and response. [8 Tips on Leveraging AI Tools Without Compromising Security]( AI tools can deliver quick and easy results and offer huge business benefits — but they also bring hidden risks. [Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity]( Despite a focus on the future, there's no indication of how well the cybersecurity basics needed to stay safe are being applied. [Embrace Generative AI for Security, but Heed Caution]( AI could be a net positive for security, with a caveat: It could make security teams dangerously complacent. [MORE]( PRODUCTS & RELEASES [Cloudbrink Presents Firewall-As-Service for the Hybrid Workplace]( [DTEX Systems Appoints Mandiant Global CTO Marshall Heilman As CEO]( [Keeper Security Survey Finds 82% of IT Leaders Want to Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud]( [Foresite Cybersecurity Partners With Crowdstrike]( [Mine Secures $30M in Series B Funding]( [Enveedo Closes $3.15M Seed Round to Help Businesses Build and Maintain Cyber Resiliency]( [The Latest Delinea Secret Server Release Boosts Usability With New Features]( [Flow Security Launches GenAI DLP]( [Klarytee Raises $900k Pre-Seed Round to Make Data Secure by Default]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Okta Breach Widens to Affect 100% of Customer Base]( Early disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them. LATEST FROM THE EDGE [Name That Edge Toon: On Your Mark...]( Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Dragos Expands Defense Program for Small Utilities]( The Dragos Community Defense Program provides small water, gas, and electric utilities with access to the Dragos Platform, training resources, and threat intelligence. LATEST FROM DR GLOBAL [Middle East CISOs Fear Disruptive Cloud Breach]( Increasingly, businesses are concerned about the speed of their cloud incident response times. WEBINARS - [What's In Your Cloud?]( - [How to Combat the Latest Cloud Security Threats]( More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [Everything You Need to Know About DNS Attacks]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119792&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_12.07.23&sp_cid=50885&utm_content=DR_NL_Dark%20Reading%20Weekly_12.07.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#57 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)