Patch Now: Second SolarWinds Critical Bug in Web Help Desk

The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software. [TechWeb]( Follow Dark Reading: [RSS]( August 26, 2024 LATEST SECURITY NEWS & COMMENTARY [Patch Now: Second SolarWinds Critical Bug in Web Help Desk]( The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software. [Constantly Evolving MoonPeak RAT Linked to North Korean Spying]( The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs. [NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams]( The release of new NIST quantum-proof cryptography standards signals it's time for cybersecurity teams to get serious about preparing for the rise of quantum threats. [Liverpool Fans Take English Premier League Title for Ticket Scams]( Ticket scams are costing football fans close to £200 a season, on average, according to a report. [C-Suite Involvement in Cybersecurity Is Little More Than Lip Service]( Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents]( The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure. [Why End of Life for Applications Is the Beginning of Life for Hackers]( In the next year, more than 35,000 applications will move to end-of-life status. To manage risk effectively, we need to plan ahead. [Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds]( Ironically, Macs' lower risk profile may make them more susceptible to any given threat than the average Windows or Linux system. [Critical Thinking AI in Cybersecurity: A Stretch or a Possibility?]( It might still sound far-fetched to say AI can develop critical thinking skills and help us make decisions in the cybersecurity industry. But we're not far off. [MORE]( PRODUCTS & RELEASES [Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group]( [Malicious Links, AI-Enabled Tools, and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report]( [IBM SkillsBuild Cybersecurity and Data Analytics Certificates to be Deployed in Community College Systems]( [New ISAGCA Report Explores Zero-Trust Outcomes in OT Cybersecurity]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Slack Patches AI Bug That Let Attackers Steal Data From Private Channels]( A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate. LATEST FROM THE EDGE [The Silver Bullet of MFA Was Never Enough]( There is no such thing as a silver bullet in cybersecurity. No, not even multifactor authentication. LATEST FROM DR TECHNOLOGY [Researchers Highlight How Poisoned LLMs Can Suggest Vulnerable Code]( CodeBreaker technique can create code samples that poison the output of code-completing large language models, resulting in vulnerable — and undetectable — code suggestions. LATEST FROM DR GLOBAL [India's Critical Infrastructure Suffers Spike in Cyberattacks]( The financial and government sectors have come under increasing attacks in India, with the Reserve Bank of India (RBI) warning banks to double down on cybersecurity. WEBINARS - [Harnessing the Power of Automation to Boost Enterprise Cybersecurity]( - [How to Evaluate Hybrid-Cloud Network Policies and Enhance Security]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Purple AI Datasheet]( - [Generative AI Gifts]( - [5 Essential Insights into Generative AI for Security Leaders]( - [The Future of Passwords and the Passwordless Evolution]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( - [Boston Beer Company Transforms OT Security & Reduces Costs]( - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( [View More White Papers >>]( FEATURED REPORTS - [Threat Hunting's Evolution:From On-Premises to the Cloud]( - [State of Enterprise Cloud Security]( - [Managing Third-Party Risk Through Situational Awareness]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125341&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.26.24&sp_cid=54832&utm_content=DR_NL_Dark%20Reading%20Daily_08.26.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#6d If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)