Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security | Beware Weaponized YouTube Channels

A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization. [TechWeb]( Follow Dark Reading: [RSS]( January 11, 2024 LATEST SECURITY NEWS & COMMENTARY [Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security]( A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization. [Beware Weaponized YouTube Channels Spreading Lumma Stealer]( Videos promoting how to crack popular software circumvent Web filters by using GitHub and MediaFire to propagate the malware. [CES 2024: Will the Coolest New AI Gadgets Protect Your Privacy?]( Consumer electronics manufacturers are innovating fast. Regulators are slow to keep up. Data privacy is in the balance. [War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions]( Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies. [Hospitality Hackers Target Hotels' Booking.com Logins]( Cyberattackers are checking into the accounts of Booking.com's hotel partners, hoping to steal their visitor data. [Ransomware Gang Gives Toronto Zoo the Monkey Business]( As the investigation continues, the zoo reports that it does not store the credit card information of its guests. ['Swatting' Becomes Latest Extortion Tactic in Ransomware Attacks]( Threat actors leave medical centers with the difficult choice of paying the ransom or witnessing patients suffer the consequences. [Apache ERP Zero-Day Underscores Dangers of Incomplete Patches]( Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. [Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam]( The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary. [Administrator Account for Middle East Internet Registry Hacked]( The compromise reportedly led to corruption in the routing of a Spanish telecom provider's network. [Why Red Teams Can't Answer Defenders' Most Important Questions]( Red-team assessments aren't very good at validating that defenses are working, so defenders don't have a realistic sense of how strong their defenses are. [Who Is Behind Pro-Ukrainian Cyberattacks on Iran?]( Are Ukrainian cyberattacks against Iranian targets a blip or the beginning of a new trend? [Navigating the New Age of Cybersecurity Enforcement]( The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Protecting Critical Infrastructure Means Getting Back to Basics]( Critical infrastructure organizations need to recognize that the technology and cybersecurity landscapes have changed. [It's Time to Close the Curtain on Security Theater]( A shift of focus to cyberattack prevention strategies will more effectively mitigate risk. [Navigating the New Age of Cybersecurity Enforcement]( The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives. [MORE]( PRODUCTS & RELEASES [Delinea Acquires Authomize to Strengthen Extended PAM]( [TitanHQ Launches PhishTitan to Combat Advanced Phishing Attacks]( [Driven Technologies Expands Expertise With Acquisition of ieMentor]( [Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security]( [C3 Complete Acquires Information Security Business Unit of Compliance Solutions Inc.]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [23andMe: 'Negligent' Users at Fault for Breach of 6.9M Records]( When it comes to bad passwords, how much responsibility should a service provider share with its customers? LATEST FROM THE EDGE [7 Lessons Learned From Designing a DEF CON CTF]( Practical advice for anyone interested in elevating their cyber capture-the-flag events. LATEST FROM DR TECHNOLOGY [New Developer Tools Necessary to Boost Passkey Adoption]( There is a lot of interest for password-less technology to simplify online access and identity, but they need to be built first. Developer tools to help build passkeys into web applications pave the way. LATEST FROM DR GLOBAL [Syrian Threat Group Peddles Destructive SilverRAT]( The Middle Eastern developers claim to be building a new version of the antivirus-bypassing remote access Trojan (RAT) attack tool. WEBINARS - [Top Cloud Security Threats Targeting Enterprises]( - [What's In Your Cloud?]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses]( - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [The OT Zero Trust Handbook: Implementing the 4 Cornerstones of OT Security]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [2023 Software Supply Chain Attack Report]( - [Understanding AI Models to Future-Proof Your AppSec Program]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [The State of Supply Chain Threats]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120389&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_01.11.24&sp_cid=51353&utm_content=DR_NL_Dark%20Reading%20Weekly_01.11.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#98 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)