January 17, 2024

LATEST SECURITY NEWS & COMMENTARY

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet
Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.

Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE
Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments.

Bosch Smart Thermostat Feels the Heat From Firmware Bug
The vulnerability in a popular hospitality industry gadget allows attackers to take over the device, pivot into the user's network, or brick the device entirely, rendering HVAC unusable.

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks
Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion.

UAE Cyber Security Council, Khalifa University Launch Abu Dhabi Academy
The university will also join the Emirates' National Cybersecurity Center of Excellence.

Anti-Ransomware Coalition Bound to Fail Without Key Adjustments
International pledge to reject ransomware demands misses the most important way to combat cybercrime: prevention.

HOT TOPICS

CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog
It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.

GitLab Releases Updates to Address Critical Vulnerabilities
Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity.

Your Cybersecurity Budget Is a Horse's Rear End
Are historical budget constraints limiting your cybersecurity program? Don't let old saws hold you back. It's time to revisit your budget with revolutionary future needs front of mind.

Name That Toon: Cast Adrift
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

PRODUCTS & RELEASES

- Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk
- Accenture and SandboxAQ Collaborate to Help Organizations Protect Data
- Former Secretary of State Mike Pompeo Joins Cyabra Board of Directors
- The Future of IT: Info-Tech LIVE 2024 Conference Announced for September

EDITORS' CHOICE

SEC X Account Hack Draws Senate Outrage
Senators from both parties called the Securities and Exchange Commission's lack of MFA "inexcusable" and demanded an investigation into the regulator's cybersecurity lapse.

LATEST FROM THE EDGE

Snyk Acquires Helios for Runtime Visibility
Developer-security company Snyk acquired Helios, a startup specializing in capturing security-relevant data from live applications.

LATEST FROM DR TECHNOLOGY

Effective Incident Response Relies on Internal and External Partnerships
Dark Reading Research finds increased collaboration between security incident responders and groups within the HR, legal, and communications functions.

LATEST FROM DR GLOBAL

Africa, Middle East Lead Peers in Cybersecurity, but Lag Globally
Both regions score above average compared to similar-sized economies, but investing in updated technologies and patching processes would help cyber resilience globally.

WEBINARS

- DevSecOps: The Smart Way to Shift Left
- What's In Your Cloud?

WHITE PAPERS

- SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses
- Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software
- IT Zero Trust vs. OT Zero Trust: It's all about Availability
- Migrations Playbook for Saving Money with Snyk + AWS
- Understanding AI Models to Future-Proof Your AppSec Program
- The Need for a Software Bill of Materials
- The Developers Guide to API Security

FEATURED REPORTS

- Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
- The State of Supply Chain Threats
- How to Use Threat Intelligence to Mitigate Third-Party Risk
  The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

Dark Reading Daily
Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA