More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

Both China-backed APTs and ordinary cyberattackers have seized on a pair of Ivanti VPN bugs for global exploitation. [TechWeb]( Follow Dark Reading: [RSS]( February 01, 2024 LATEST SECURITY NEWS & COMMENTARY [More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll]( Both China-backed APTs and ordinary cyberattackers have seized on a pair of Ivanti VPN bugs for global exploitation. [Ransomware Groups Gain Clout With False Attack Claims]( Technica? Europcar? Cybercriminals are increasingly bluffing about ransomware attacks, and the cybersecurity community is helping by spreading their lies. [Fulton County Suffers Power Outages as Cyberattack Continues]( County services have come to a halt and are not expected to resume until next week; no threat actor has yet been identified. ['Leaky Vessels' Cloud Bugs Allow Container Escapes Globally]( The four security vulnerabilities are found in Docker and beyond, and one affecting runC affects essentially every cloud-native developer worldwide. [Johnson Controls Ransomware Cleanup Costs Top $27M and Counting]( JCI's latest SEC filing notes that its smart-factory installations weren't compromised, allaying physical security fears. [Looted RIPE Credentials for Sale on the Dark Web]( A monitoring exercise identified user details in 716 compromised RIPE NCC accounts, plus other valuable credentials belonging to those victims. [Recognizing Security as a Strategic Component of Business]( In today's environments, security can be a revenue enabler, not just a cost center. Organizations should take advantage of the opportunities. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Cactus' Ransomware Strikes Schneider Electric]( Schneider's Sustainability division, which provides software and consulting services to enterprises, was felled by cybercriminals in mid-January. [Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount]( The RCE/auth bypass bugs in Connect Secure VPNs have gone unpatched for 20 days as state-sponsored groups continue to backdoor Ivanti gear. [Solving the Cybersecurity Skills Gap With Racial Inclusivity]( Addressing the growing demand for cybersecurity professionals is also an opportunity to create a more racially inclusive workforce. [Top 3 Data Breaches of 2023, and What Lies Ahead in 2024]( Take a look at last year's most impactful data breaches and what companies can do to protect themselves going forward. [MORE]( PRODUCTS & RELEASES [Aim Security Raises $10M to Secure Generative AI Enterprise Adoption]( [Incognia Secures $31M to Meet Demand for Proactive Approach to Fraud Prevention]( [Forcepoint Federal Rebrands As Everfox to Reflect New Era of Defense-Grade Cybersecurity]( [Cohesity Research Reveals Most Companies Pay Millions in Ransoms]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Feds Reportedly Try to Disrupt 'Volt Typhoon' Attack Infrastructure]( The China-linked threat actor's attacks on US critical infrastructure organizations have alarmed American intelligence officials, Reuters says. LATEST FROM THE EDGE [Hook Younger Users With Cybersecurity Education Designed for Them]( Security should not be treated as one-size-fits all, and that is doubly true when it comes to security awareness education. Training should be customized by age, learning styles, and preferred media if it is to be effective. LATEST FROM DR TECHNOLOGY [Managing Identity Across Clouds Critical to Enterprise Security]( Privileged access management (PAM) is notoriously difficult to deploy and companies' increasing use of cloud has made it even more complex. LATEST FROM DR GLOBAL [Dubai Cyber Force Names First Accredited Companies]( The initiative has named the first eight companies approved to cyber-secure the Dubai government. WEBINARS - [Securing the Software Development Life Cycle from Start to Finish]( - [DevSecOps: The Smart Way to Shift Left]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [The OT Zero Trust Handbook: Implementing the 4 Cornerstones of OT Security]( - [2023 Snyk AI-Generated Code Security Report]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS]( - [2023 Software Supply Chain Attack Report]( - [Understanding AI Models to Future-Proof Your AppSec Program]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [The State of Supply Chain Threats]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120947&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_02.01.24&sp_cid=51748&utm_content=DR_NL_Dark%20Reading%20Daily_02.01.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#04 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)