Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security

A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization. [TechWeb]( Follow Dark Reading: [RSS]( January 10, 2024 LATEST SECURITY NEWS & COMMENTARY [Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security]( A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization. [Ukraine Claims Revenge Hack Against Moscow Internet Provider]( Reports say M9 Telecom servers were destroyed in retaliation for Russia-backed cyberattack against Kyivstar mobile phone operator. [Ransomware Gang Gives Toronto Zoo the Monkey Business]( As the investigation continues, the zoo reports that it does not store the credit card information of its guests. [Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware]( Microsoft's database continues to attract cybercriminal attention; the nature of this wave's threat group is unknown, with the attacks having been exposed only after a happenstance OpSec lag. [Beware Weaponized YouTube Channels Spreading Lumma Stealer]( Videos promoting how to crack popular software circumvent Web filters by using GitHub and MediaFire to propagate the malware. [It's Time to Close the Curtain on Security Theater]( A shift of focus to cyberattack prevention strategies will more effectively mitigate risk. [Path Traversal Bug Besets Popular Kyocera Office Printers]( A printer bug could lead to much worse, in IT networks without proper segmentation. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Swatting' Becomes Latest Extortion Tactic in Ransomware Attacks]( Threat actors leave medical centers with the difficult choice of paying the ransom or witnessing patients suffer the consequences. [Protecting Critical Infrastructure Means Getting Back to Basics]( Critical infrastructure organizations need to recognize that the technology and cybersecurity landscapes have changed. [Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability]( Attackers can exploit the issue to access all data in Cacti database; and, it enables RCE when chained with a previous vulnerability. [Why Red Teams Can't Answer Defenders' Most Important Questions]( Red-team assessments aren't very good at validating that defenses are working, so defenders don't have a realistic sense of how strong their defenses are. [MORE]( PRODUCTS & RELEASES [Delinea Acquires Authomize to Strengthen Extended PAM]( [TitanHQ Launches PhishTitan to Combat Advanced Phishing Attacks]( [Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran]( Report says US and Israel spent $1 billion to develop the infamous Stuxnet virus, built to sabotage Iran's nuclear program in 2008. LATEST FROM THE EDGE [Is the vCISO Model Right for Your Organization?]( More and more organizations are working with virtual CISOs to handle security-related responsibilities. Here are tips on how to find the right fit. LATEST FROM DR TECHNOLOGY [Localization Mandates, AI Regs to Pose Major Data Challenges in 2024]( With more than three-quarters of countries adopting some form of data localization and, soon, three-quarters of people worldwide protected by privacy rules, companies need to take care. LATEST FROM DR GLOBAL [Bangladesh Election App Crashes Amid Suspected Cyberattack]( The country's election commission pointed the blame at traffic coming from Ukraine and Germany. WEBINARS - [Top Cloud Security Threats Targeting Enterprises]( - [Everything You Need to Know About DNS Attacks]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses]( - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [Pixelle's OT Security Triumph with Security Inspection]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [Understanding AI Models to Future-Proof Your AppSec Program]( - [The Need for a Software Bill of Materials]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120357&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.10.24&sp_cid=51325&utm_content=DR_NL_Dark%20Reading%20Daily_01.10.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ac If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)