A veritable grab bag of tools used to access critical infrastructure networks are wildly insecure, and they’re blobbing together to create a widening attack surface.
Author: Becky Bracken, Senior Editor, Dark Reading
Gallup Addresses XSS Bugs in Website
Researchers flagged a pair of Gallup site XSS vulnerabilities.
Gallup Poll Bugs Open Door to Election Misinformation
Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account.
Commercial Spyware Use Roars Back Despite Sanctions
Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.
CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet
CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
News Desk 2024: Hacking Microsoft Copilot Is Scary Easy
As enterprises around the world embrace Microsoft’s AI assistant, researcher Michael Bargury warns its security is lacking. Check out his News Desk interview during Black Hat USA.
NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams
The release of new NIST quantum-proof cryptography standards signals it’s time for cybersecurity teams to get serious about preparing for the rise of quantum threats.
Fallout from Faulty Friday CrowdStrike Update Persists
Historic IT outage expected to spur regulatory scrutiny, soul-searching over "monoculture" of IT infrastructure — and cyberattack threats.
Sizable Chunk of SEC Charges Against SolarWinds Tossed Out of Court
Judge dismisses claims against SolarWinds for actions taken after its systems had been breached, but allows the case to proceed for alleged misstatements prior to the incident.