Zimbra RCE Vuln Under Attack Needs Immediate Patching

The bug gives attackers a way to run arbitrary code on affected servers and take control of them. [TechWeb]( Follow Dark Reading: [RSS]( October 02, 2024 LATEST SECURITY NEWS & COMMENTARY [Zimbra RCE Vuln Under Attack Needs Immediate Patching]( The bug gives attackers a way to run arbitrary code on affected servers and take control of them. [Cyberattackers Use HR Targets to Lay More_Eggs Backdoor]( The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire. [Gov't, Judicial IT Systems Beset by Access Control Bugs]( Poor permission controls and user input validation is endemic to the platforms that protect Americans' legal, medical, and voter data. [LockBit Associates Arrested, Evil Corp Bigwig Outed]( A global operation cuffed four LockBit suspects and offered more details into the org chart of Russia's infamous Evil Corp cybercrime gang. [Infrastructure vs. Runtime — Where Are Your Priorities?]( Amid the noise of new solutions and buzzwords, understanding the balance between securing infrastructure and implementing runtime security is key to crafting an effective cloud strategy. [(Sponsored Article) 7 Preventable Mistakes Even Top Security Teams Make]( Even the most seasoned security operations centers have bad habits that increase organizational inefficiencies, burnout, and risk. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Overtaxed State CISOs Struggle With Budgeting, Staffing]( CISOs for US states face the same kinds of challenges those at private companies do: lots of work to handle, but not necessarily enough money or people to handle it sufficiently well. [Treat Your Enterprise Data Like a Digital Nomad]( By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure. [DoJ Charges 3 Iranian Hackers in Political 'Hack & Leak' Campaign]( The cyberattackers allegedly stole information from US campaign officials only to turn around and weaponize it against unfavored candidates. [Sloppy Entra ID Credentials Attract Hybrid Cloud Ransomware]( Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud. [MORE]( PRODUCTS & RELEASES [Kevin Mandia Joins Expel's Board of Directors]( [Palo Alto Networks and Deloitte Expand Strategic Alliance Globally]( [Apono Raises $15.5M Series A Funding for AI-driven, Least Privilege Solution Set]( [Darktrace Announces Formal Completion of its Acquisition by Thoma Bravo]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Calif. Gov. Vetoes AI Safety Bill Aimed at Big Tech Players]( Critics viewed the bill as seeking protections against nonrealistic "doomsday" fears, but most stakeholders agree that oversight is needed in the GenAI space. LATEST FROM THE EDGE [Normalizing Security Culture: You Don't Have to Get Ready If You Stay Ready]( Prioritizing security as a critical element to an organization's effectiveness and success will reduce the risk of incidents, while benefiting the whole team and the organization's reputation. LATEST FROM DR TECHNOLOGY [Dragos Expands ICS Platform With New Acquisition]( The addition of Network Perception will provide Dragos with enhanced network visibility, compliance and segmentation analytics to the Dragos OT cybersecurity platform. LATEST FROM DR GLOBAL [UAE, Saudi Arabia Become Plum Cyberattack Targets]( Hacktivism-related DDoS attacks have risen 70% in the region, most often targeting the public sector, while stolen data and access offers dominate the Dark Web. WEBINARS - [Get In Tune with Your Cloud Cyber Resilience Strategy]( - [10 Emerging Vulnerabilities Every Enterprise Should Know]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Insider Risk Programs: 3 Truths and a Lie]( - [Product Review: Trend Vision One Cloud Security]( - [IDC White Paper: The Peril and Promise of Generative AI in Application Security]( - [Gartner Magic Quadrant for Application Security Testing]( - [A CISO's Guide to Geopolitics and CyberSecurity]( - [5 Essential Insights into Generative AI for Security Leaders]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=126037&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.02.24&sp_cid=55270&utm_content=DR_NL_Dark%20Reading%20Daily_10.02.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#01 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)