Dark Reading
ICYMI: A Microsoft Warning, Follina, Atlassian, and More
Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.
OpenSea NFT Marketplace Faces Insider Hack
OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.
Time Constraints Hamper Security Awareness Programs
Even as more attacks target humans, lack of dedicated staff, relevant skills, and time are making it harder to develop a security-aware and engaged workforce, SANS says.
Criminals Use Deepfake Videos to Interview for Remote Work
The latest evolution in social engineering could put fraudsters in a position to commit insider threats.
DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware
The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.
When It Comes to SBOMs, Do You Know the Ingredients in Your Ingredients?
Transitive dependencies can complicate the process of developing software bills of materials.
Microsoft Going Big on Identity with the Launch of Entra
With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.
Google: Hack-for-Hire Groups Present a Potent Threat
Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.
18 Zero-Days Exploited So Far in 2022
It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero.
API Security Losses Total Billions, But It's Complicated
A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?
Exchange Servers Backdoored Globally by SessionManager
Malicious IIS module exploitation is the latest trend among threat actors targeting Exchange servers, analysts say.
Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
Titaniam's 'State of Data Exfiltration & Extortion Report' also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving in to attackers' demands.
A Fintech Horror Story: How One Company Prioritizes Cybersecurity
A password link that didn't expire leads to the discovery of exposed personal information at a payments service.
NXM Announces Platform That Protects Space Infrastructure and IoT Devices From Cyberattacks
NXM Autonomous Security protects against network-wide device hacks and defends against critical IoT vulnerabilities.
Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration
An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.
Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know
There were a record number of zero-day attacks last year, but some basic cyber-hygiene strategies can help keep your organization safer.
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric
Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Service Fabric to thwart the "FabricScape" cloud bug.
ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.
Broken Authentication Vuln Threatens Amazon Photos Android App
The now-patched bug allows an attacker to gain full access to a user's Amazon files.
How to Master the Kill Chain Before Your Attackers Do
In the always-changing world of cyberattacks, preparedness is key.
What's Your AppSec Personality?
It's time to decide which role to play to best serve your organization's security needs: an auditor, a lawyer, or a developer.
Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing
External attacks focused on vulnerabilities are still the most common ways that companies are successfully attacked, according to incident data.
Shifting the Cybersecurity Paradigm From Severity-Focused to Risk-Centric
Embrace cyber-risk modeling and ask security teams to pinpoint the risks that matter and prioritize remediation efforts.
5 Surprising Cyberattacks AI Stopped This Year
See how these novel, sophisticated, or creative threats used techniques such as living off the land to evade detection from traditional defensive measures — but were busted by AI.
Kaspersky Reveals Phishing Emails That Employees Find Most Confusing
Results from phishing simulation campaigns highlight the five most effective types of phishing email.
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.
Google Analytics Continues to Lose SEO Visibility as Bans Continue
Google Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.
'Raccoon Stealer' Scurries Back on the Scene After Hiatus
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.
China-Backed APT Pwns Building-Automation Systems With ProxyLogon
The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.
RSA 2022: Omdia Research Takeaways
The RSA conference in San Francisco always feels like drinking from a fire hose, and this year, the first in-person RSA since the pandemic began, was especially so.
Atlassian Confluence Exploits Peak at 100K Daily
Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.
Can Zero-Knowledge Cryptography Solve Our Password Problems?
Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.
A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
How to Find New Attack Primitives in Microsoft Azure
Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.
New Vulnerability Database Catalogs Cloud Security Issues
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.
NIST Finalizes macOS Security Guidance
NIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.
Federal, State Agencies' Aid Programs Face Synthetic Identity Fraud
Balancing public service with fraud prevention requires rule revisions and public trust.
LockBit 3.0 Debuts With Ransomware Bug Bounty Program
LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.
Shadow IT Spurs 1 in 3 Cyberattacks
Cerby platform emerges from stealth mode to let users automate security for applications outside of the standard IT purview.
Thrive Acquires DSM
DSM is now the third acquisition by Thrive in Florida in the past six months.
It's a Race to Secure the Software Supply Chain — Have You Already Stumbled?
If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.
Threat Intelligence Services Are Universally Valued by IT Staff
Most of those surveyed are concerned about AI-based attacks and deepfakes but suggest that their organizations are ready.
Why We're Getting Vulnerability Management Wrong
Security is wasting time and resources patching low- or no-risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
APT Groups Swarming on VMware Servers with Log4Shell
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
7 Steps to Stronger SaaS Security
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.
The Cybersecurity Talent Shortage Is a Myth
We have a tech innovation problem, not a staff retention (or recruitment) problem.
Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks
Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
Bronze Starlight's use of multiple ransomware families and its victim-targeting suggest there's more to the group's activities than just financial gain, security vendor says.
Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings
Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.
ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities
ShiftLeft's Manish Gupta joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
Pair of Brand-New Cybersecurity Bills Become Law
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.
The Rise, Fall, and Rebirth of the Presumption of Compromise
The concept might make us sharp and realistic, but it's not enough on its own.
Reinventing How Farming Equipment Is Remotely Controlled and Tracked
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
How APTs Are Achieving Persistence Through IoT, OT, and Network Devices
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.
80% of Legacy MSSP Users Planning MDR Upgrade
False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.
MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.
Organizations Battling Phishing Malware, Viruses the Most
Organizations may not frequently encounter malware targeting cloud systems or networking equipment, but the array of malware they do encounter, even occasionally, is no less disruptive or damaging. That is where the focus needs to be.
Microsoft 365 Users in US Face Raging Spate of Attacks
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.
Synopsys Completes Acquisition of WhiteHat Security
Addition of WhiteHat Security provides Synopsys with SaaS capabilities and dynamic application security testing (DAST) technology.
Aqua Security Collaborates With Center for Internet Security to Create Guide for Software Supply Chain Security
In addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.
Neustar Security Services Launches Public UltraDNS Health Check Site
Open service generates free report detailing potential gaps in compliance, configuration, and security for a user's multiple domain names.
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.
Getting a Better Handle on Identity Management in the Cloud
Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.
Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops
Partnership lets users access one-click ScreenMeet sessions from the Tanium platform.
Zscaler and AWS Expand Relationship
Zscaler also announced innovations built on Zscaler's Zero Trust architecture and AWS.
Zscaler Launches Posture Control Solution
Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.
Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange
Organizations can strengthen their network defense with a number of intelligent security innovations.
Evolving Beyond the Password: Vanquishing the Password
Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)
The Risk of Multichannel Phishing Is on the Horizon
The cybersecurity community is buzzing with concerns about multichannel phishing attacks, particularly smishing and business text compromise, as hackers turn to mobile to launch attacks.
GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.
80% of Firms Suffered Identity-Related Breaches in Last 12 Months
With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.
Risk Disconnect in the Cloud
New Cloud Security Alliance (CSA) and Google Cloud study shows many enterprises struggle to measure and manage risk in their cloud workloads.
Linux Foundation Announces Open Programmable Infrastructure Project to Drive Open Standards for New Class of Cloud Native Infrastructure
Data Processing and Infrastructure Processing Units – DPU and IPU – are changing the way enterprises deploy and manage compute resources across their networks.
7 Ways to Avoid Worst-Case Cyber Scenarios
In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data.
VPNs Persist Despite Zero-Trust Fervor
Most organizations still rely on virtual private networks for secure remote access.
China-Linked ToddyCat APT Pioneers Novel Spyware
ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says.
RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex
After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft.
Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead
Experts tell teams to prepare for more regulation, platform consolidation, management scrutiny, and attackers with the ability to claim human casualties.
Why Financial Institutions Must Double Down on Open Source Investments
Open source is here to stay, and it's imperative that CIOs have a mature open source engagement strategy, across consumption, contribution, and funding, as a pillar of digital transformation.
Evolving Beyond the Password: It's Time to Up the Ante
While there's an immediate need to improve MFA adoption, it's also critical to move to more advanced and secure passwordless frameworks, including biometrics. (Part 1 of 2)
BRATA Android Malware Evolves Into an APT
The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities.
Reducing Risk With Zero Trust
Zero trust isn't just about authentication. Organizations can combine identity data with business awareness to address issues such as insider threat.
56 Vulnerabilities Discovered in OT Products From 10 Different Vendors
Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness.
AI Is Not a Security Silver Bullet
AI can help companies more effectively identify and respond to threats, as well as harden applications.
Open Source Software Security Begins to Mature
Only about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks, but those that do exhibit better security.
Capital One Attacker Exploited Misconfigured AWS Databases
After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty.
Feds Take Down Russian 'RSOCKS' Botnet
RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic.
Name That Toon: Cuter Than a June Bug
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
DDoS Attacks Delay Putin Speech at Russian Economic Forum
A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack.
Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credential leakage.
Security Lessons From Protecting Live Events
Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.
The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive
Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box.
Ransomware and Phishing Remain IT's Biggest Concerns
Security teams — who are already fighting off malware challenges — are also facing renewed attacks on cloud assets and remote systems.
WordPress Plug-in Ninja Forms Issues Update for Critical Bug
The code injection vulnerability is being actively exploited in the wild, researchers say.
DeadBolt Ransomware Actively Targets QNAP NAS Devices — Again
The QNAP network-connected devices, used to store video surveillance footage, are a juicy target for attackers, experts warn.