Apple Reveals Exploited Zero-Day in Browser Engine | Millions at Risk As 'Parrot' Web Server Compromises Take Flight

The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. [TechWeb]( Follow Dark Reading: [RSS]( January 25, 2024 LATEST SECURITY NEWS & COMMENTARY [Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine]( The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. [Millions at Risk As 'Parrot' Web Server Compromises Take Flight]( The cyberattackers behind the traffic redirection system (TDS) inject websites with malicious scripts, have control over thousands of servers worldwide, and have ramped up efforts to avoid detection. [Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT]( PoC exploit code for flaw is publicly available, heightening breach risks for users of the managed file-transfer technology. [Subway Puts a LockBit Investigation on the Menu]( The foot-long sandwich purveyor is looking into LockBit 3.0 claims that it stole reams of data from the proprietary "SBS" network. [CISA Director Jen Easterly Targeted in Swatting Incident]( A phone call to authorities claimed that a shooting had taken place on Easterly's block. ['VexTrio' TDS: The Biggest Cybercrime Operation on the Web?]( The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally. [Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles]( The company hasn't taken full responsibility for the incident, even though allowing scraping paves the way for dangerous follow-on attacks. [Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers]( The Charming Kitten-related cyber-espionage group is posing as legitimate journalists and researchers to get intel on the Israel-Hamas war. [Third Ivanti Vulnerability Exploited in the Wild, CISA Reports]( Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it. [Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware]( Just in time for the US election season, one of the Kremlin's favorite hack-and-leak spy groups — Star Blizzard — has developed its very first custom backdoor. [Filling the Cybersecurity Talent Gap]( Veterans are ideal candidates to close the skills gap and create the industry needed to meet security threats head-on. [Battling Misinformation During Election Season]( Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools. [CISA's Road Map: Charting a Course for Trustworthy AI Development]( The agency aims to build a more robust cybersecurity posture for the nation. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Survey Shows a Surge in (Artificial) Intelligence]( A new Omdia survey shows a rapid increase in generative AI adoption for security [Name That Toon: Cast Adrift]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Building AI That Respects Our Privacy]( Until laws can move at the speed of innovation, we'll see a discrepancy between the protections offered and the risks associated with technology. [MORE]( PRODUCTS & RELEASES [Netskope Announces MSP-Friendly, Enterprise-Grade SASE Tailored for the Midmarket]( [Darktrace and Garland Technology Collaborate to Help Businesses Secure Operational Technology Environments]( [Peters and Braun Introduce Bipartisan Bill to Bolster Government's Cybersecurity Capabilities]( [Amy Farrow Joins Infoblox As Chief Information Officer]( [F5 Welcomes Samir Sherif As New Chief Information Security Officer]( [Managed Ransomware Detect & Respond (RDR) Offering From Zyston]( [Nozomi Networks Delivers Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments]( [National Cybersecurity Alliance Announces 2024 Data Privacy Week]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Falls Victim to Russia-Backed 'Midnight Blizzard' Cyberattack]( Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs. LATEST FROM THE EDGE [AI Gives Defenders the Advantage in Enterprise Defense]( A panel of CISOs acknowledged that artificial intelligence has boosted the capabilities of threat actors, but enterprise defenders are actually benefiting more from the technology. LATEST FROM DR TECHNOLOGY [Researchers Map AI Threat Landscape, Risks]( With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions. LATEST FROM DR GLOBAL [Magecart Adds Middle East Retailers to Long List of Victims]( Cybercriminals who conspire to put credit-card skimmers on e-commerce sites have hit some large vendors in the region. WEBINARS - [API Security: Protecting Your Application's Attack Surface]( - [Top Cloud Security Threats Targeting Enterprises]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [Pixelle's OT Security Triumph with Security Inspection]( - [IT Zero Trust vs. OT Zero Trust: It's all about Availability]( - [Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS]( - [Understanding AI Models to Future-Proof Your AppSec Program]( - [Increase Speed and Accuracy with AI Driven Static Analysis Auditing]( - [The Need for a Software Bill of Materials]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120773&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_01.25.24&sp_cid=51635&utm_content=DR_NL_Dark%20Reading%20Weekly_01.25.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#9c If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)