January 18, 2024
LATEST SECURITY NEWS & COMMENTARY
[CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack](
Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps.
[Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE](
Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments.
[Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet](
Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.
[Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities](
Patches will be available in late January and February, but until then, customers must take mitigation measures.
[SEC X Account Hack Draws Senate Outrage](
Senators from both parties called the Securities and Exchange Commission's lack of MFA "inexcusable" and demand investigation into the regulator's cybersecurity lapse.
[Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure](
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use.
[CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog](
It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.
[War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions](
Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies.
[Africa, Middle East Lead Peers in Cybersecurity, but Lag Globally](
Both regions score above average compared to similar sized economies, but investing in updated technologies and patching processes would help cyber resilience globally.
[Name That Toon: Cast Adrift](
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
[Your Cybersecurity Budget Is a Horse's Rear End](
Are historical budget constraints limiting your cybersecurity program? Don't let old saws hold you back. It's time to revisit your budget with revolutionary future needs front of mind.
HOT TOPICS
[Anti-Ransomware Coalition Bound to Fail Without Key Adjustments](
International pledge to reject ransomware demands misses the most important way to combat cybercrime: prevention.
[Strength in Numbers: The Case for Whole-of-State Cybersecurity](
WoS cybersecurity creates a united front for governments to defend against threat actors, harden security postures, and protect constituents who depend on services.
[Hospitals Must Treat Patient Data and Health With Equal Care](
All companies are under the data privacy compliance gun -- but healthcare companies have a target on their backs.
PRODUCTS & RELEASES
[ESET Launches New Managed Detection and Response (MDR) Service for Small and Midsize Businesses](
[Salt Security Delivers API Posture Governance Engine](
[Intel 471 Appoints Technology Veteran, Sonja Tsiridis, Chief Technology Officer](
[Accenture and SandboxAQ Collaborate to Help Organizations Protect Data](
[Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk](
[Claroty Welcomes Former US National Cyber Director Chris Inglis to Advisory Board](
[Former Secretary of State Mike Pompeo Joins Cyabra Board of Directors](
[Mimecast Announces New CEO](
EDITORS' CHOICE
[Google Chrome Zero-Day Bug Under Attack, Allows Code Injection](
The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies.
LATEST FROM THE EDGE
[Lock Down the Software Supply Chain With 'Secure by Design'](
As zero days and complex networks create gaps for cyberattacks, software developers and agencies such as CISA look to secure by design for building in defenses.
[Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security](
Companies that quickly shifted to cloud-native operations are looking for greater visibility and protection -- and AI benefits -- while an uncertain economic future has venture capitalists looking toward safety.
LATEST FROM DR GLOBAL
[Hyundai MEA X Account Hacked, Followed by Crypto Promotion](
Attackers hit more X accounts to promote Overworld Bitcoin registration.
WEBINARS
- [DevSecOps: The Smart Way to Shift Left](
- [Tips for Managing Cloud Security in a Hybrid Environment](
WHITE PAPERS
- [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software](
- [IT Zero Trust vs. OT Zero Trust: It's all about Availability](
- [2023 Snyk AI-Generated Code Security Report](
- [2023 Software Supply Chain Attack Report](
- [Increase Speed and Accuracy with AI Driven Static Analysis Auditing](
- [The Need for a Software Bill of Materials](
- [The Developers Guide to API Security](
FEATURED REPORTS
- [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats](
- [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...
- [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...
Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA