Apache ERP Zero-Day Underscores Dangers of Incomplete Patches

Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. [TechWeb]( Follow Dark Reading: [RSS]( January 05, 2024 LATEST SECURITY NEWS & COMMENTARY [Apache ERP Zero-Day Underscores Dangers of Incomplete Patches]( Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. [Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign]( UNC-0050 is targeting government agencies in Ukraine in what appears to be a politically motivated intelligence-gathering operation. [Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns]( If Ukraine's core telephone network can be taken out, organizations in the West could easily be next, Ukraine's SBU chief says. [Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion]( One of the world's largest aerospace companies is eyeing a cybersecurity upgrade. [Administrator Account for Middle East Internet Registry Hacked]( The compromise reportedly led to corruption in the routing of a Spanish telecom provider's network. ['Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month]( A new threat actor just concluded a month and a half of two major leaks per day. Now comes phase two: follow-on attacks. [Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam]( The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary. [Navigating the New Age of Cybersecurity Enforcement]( The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Cybercriminals Flood Dark Web With X (Twitter) Gold Accounts]( Verified accounts for celebs and organizations deliver a deep vein of cybercrime riches for crooks. [Ransomware Group Claims Cyber Breach of Xerox Subsidiary]( After Xerox cybersecurity personnel discovered the breach, they brought in third-party experts to investigate. [5 Steps for Preventing and Mitigating Corporate Espionage]( Companies must take steps to enhance their protection against corporate espionage and safeguard their assets. [MORE]( PRODUCTS & RELEASES [SentinelOne to Expand Cloud Security Capabilities With Acquisition of PingSafe]( [C3 Complete Acquires Information Security Business Unit of Compliance Solutions Inc.]( [Driven Technologies Expands Expertise With Acquisition of ieMentor]( [Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv]( Incident prompts Ukraine's security service to ask webcam operators in country to stop live broadcasts. LATEST FROM THE EDGE [Name That Edge Toon: Frosty the Steel Man]( Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Getting Started With Passkeys, One Service at a Time]( Passkeys help do away with passwords for logging into websites and cloud services. This Tech Tip outlines ways to get started. LATEST FROM DR GLOBAL [Pilfered Data From Iranian Insurance and Food Delivery Firms Leaked Online]( Online food ordering service and insurance firms hit by mystery hackers using the moniker "irleaks." WEBINARS - [2024 API Security Trends & Predictions]( - [What's In Your Cloud?]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [The OT Zero Trust Handbook: Implementing the 4 Cornerstones of OT Security]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS]( - [The Need for a Software Bill of Materials]( - [The Developers Guide to API Security]( [View More White Papers >>]( FEATURED REPORTS - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120263&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.05.24&sp_cid=51259&utm_content=DR_NL_Dark%20Reading%20Daily_01.05.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#0c If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)