Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet. [TechWeb]( Follow Dark Reading:
[RSS](
February 21, 2024 LATEST SECURITY NEWS & COMMENTARY ['KeyTrap' DNS Bug Threatens Widespread Internet Outages](
Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.
[Misconfigured Custom Salesforce Apps Expose Corporate Data](
Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps.
[Meta Disrupts 8 Spyware Firms, 3 Fake News Networks](
While furiously trying to put out one fire â fake news â the social media giant is dealing with another growing threat: spies for hire.
[Global Law Enforcement Disrupts LockBit Ransomware Gang](
Operation Cronos, a collab between authorities in the US, Canada, UK, Europe, Japan, and Australia â seizes data and website associated with the prolific cybercriminal organization and its affiliates.
[New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe](
Users have already downloaded droppers for the malware from Google's official Play store more than 100,000 times since last November.
[Google's Cloud Run Service Spreads Several Bank Trojans](
A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it's hitting other regions as well, researchers warn.
[Joomla XSS Bugs Open Millions of Websites to RCE](
Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.
[Wyze Cameras Allow Accidental User Spying](
About 13,000 users received camera images and feeds that weren't theirs. This cyber incident takes place only five months after the company experienced a similar issue and failed to be transparent with users about the issues it was facing.
[Cyber Insurance Needs to Evolve to Ensure Greater Benefit](
A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios.
[Iranian APTs Dress Up as Hacktivists for Disruption, Influence Ops](
Iran has taken a page from the Russian playbook: Passing off military groups as civilians for the sake of PR and plausible deniability.
[Median Ransomware Demands Grow to $600K a Pop](
The now-disrupted LockBit gang outpaced its competitors in volume in 2023, as ransom amounts spiked 20% year-over-year.
[(Sponsored Article) Security Via Consensus: Developing the CIS Benchmarksâ¢](
Understand the CIS Benchmarks'⢠community-consensus development process that helps ensure they provide comprehensive guidance on Internet security. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [NSO Group Adds 'MMS Fingerprinting' Zero-Click Attack to Spyware Arsenal]( The purveyor of the infamous Pegasus mobile spyware now has a new method for obtaining critical information from target iPhones and other mobile devices.
[Name That Toon: Keys to the Kingdom]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
[Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP]( One of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure. [MORE]( PRODUCTS & RELEASES [Critical Software Vulnerabilities Impacting Credit Unions Discovered by LMG Security Researcher]( [Surge in 'Hunter-Killer' Malware Uncovered by Picus Security]( [JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns]( [Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks]( [Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID](
[MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [CISO Corner: CIO Convergence, 10 Critical Security Metrics & Ivanti Fallout](
Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus. LATEST FROM THE EDGE [Library Cyber-Defenses Are Falling Down](
Librarians are being asked to defend themselves online against sophisticated and complex attacks. Itâs an unequal fight. LATEST FROM DR TECHNOLOGY [AI-Generated Patches Could Ease Developer, Operations Workload](
Using information from a common technique for finding vulnerabilities, Google's Gemini can currently produce patches for 15% of such bugs. And it's not the only way to help automate bug fixing. LATEST FROM DR GLOBAL [Hacked Iraqi Voter Information Found for Sale Online](
A 21.58GB database of stolen personal voter data from Iraq's Independent High Electoral Commission (IHEC) may have been the result of a supply chain attack. WEBINARS - [Making Sense of Security Operations Data](
- [Securing the Software Development Life Cycle from Start to Finish]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Solution Guide to Operational Technology Cybersecurity](
- [Strengthen Microsoft Defender with MDR](
- [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions](
- [Zero Trust Access For Dummies, 2nd Fortinet Special Edition](
- [Migrations Playbook for Saving Money with Snyk + AWS](
- [2023 Software Supply Chain Attack Report](
- [Understanding AI Models to Future-Proof Your AppSec Program]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization](
- [How Enterprises Assess Their Cyber-Risk](
- [How to Deploy Zero Trust for Remote Workforce Security]( [View More Dark Reading Reports >>]( Dark Reading Daily
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121424&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_02.21.24&sp_cid=52082&utm_content=DR_NL_Dark%20Reading%20Daily_02.21.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#23
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)