Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

PoC exploit code for flaw is publicly available, heightening breach risks for users of the managed file-transfer technology. [TechWeb]( Follow Dark Reading: [RSS]( January 25, 2024 LATEST SECURITY NEWS & COMMENTARY [Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT]( PoC exploit code for flaw is publicly available, heightening breach risks for users of the managed file-transfer technology. [Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles]( The company hasn't acknowledged responsibility for the incident, although allowing scraping paves the way for dangerous follow-on attacks. [Jason's Deli Accounts Compromised by Credential Stuffing]( Deli Dollars loyalty accounts hit with stolen credentials from the Dark Web, potentially exposing the personal data of more than 340,000 customers. [Kasseika Ransomware Linked to BlackMatter in BYOVD Attack]( An emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger "bring your own vulnerable driver" trend. [CISA's Water Sector Guide Puts Incident Response Front & Center]( As cyberattackers increasingly target water suppliers and wastewater utilities, the US federal government wants to help limit the impact of destructive attacks. [ChatGPT Cybercrime Discussions Spike to Nearly 3K Posts on Dark Web]( And there were an additional 3,000 comments posted to the Dark Web about the sale of stolen ChatGPT accounts. [Filling the Cybersecurity Talent Gap]( Veterans are ideal candidates to close the skills gap and create the industry needed to meet security threats head-on. [(Sponsored Article) Identity Protection 101: Building a Modern ITDR Practice]( Identities are your new corporate security boundary. Put the right identity threat detection and response (ITDR) in place before it's too late. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Millions at Risk As 'Parrot' Web Server Compromises Take Flight]( The cyberattackers behind the traffic redirection system (TDS) inject websites with malicious scripts, have control over thousands of servers worldwide, and have ramped up efforts to avoid detection. [Learning From Ukraine's Pioneering Approaches to Cybersecurity]( Ukraine's tactical and strategic cybersecurity approach in the intense warfare environment offers a blueprint for organizations aiming to fortify their cyber defenses. [Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine]( The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. [MORE]( PRODUCTS & RELEASES [Darktrace and Garland Technology Collaborate to Help Businesses Secure Operational Technology Environments]( [Nozomi Networks Delivers Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments]( [Peters and Braun Introduce Bipartisan Bill to Bolster Government's Cybersecurity Capabilities]( [Managed Ransomware Detect & Respond (RDR) Offering From Zyston]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine]( The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. LATEST FROM THE EDGE [Hook Younger Users With Cybersecurity Education Designed for Them]( Security should not be treated as one-size-fits all, and that is doubly true when it comes to security awareness education. Training should be customized by age, learning styles, and preferred media if it is to be effective. LATEST FROM DR TECHNOLOGY [Researchers Map AI Threat Landscape, Risks]( With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions. LATEST FROM DR GLOBAL [AI Learning Initiative Launches for UAE Women]( The effort will train 100 women in technology and cybersecurity around artificial intelligence concepts. WEBINARS - [API Security: Protecting Your Application's Attack Surface]( - [Tips for Managing Cloud Security in a Hybrid Environment]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Pixelle's OT Security Triumph with Security Inspection]( - [The OT Zero Trust Handbook: Implementing the 4 Cornerstones of OT Security]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [2023 Software Supply Chain Attack Report]( - [Understanding AI Models to Future-Proof Your AppSec Program]( - [Increase Speed and Accuracy with AI Driven Static Analysis Auditing]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120762&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.25.24&sp_cid=51626&utm_content=DR_NL_Dark%20Reading%20Daily_01.25.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#96 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)