In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
| | | LATEST SECURITY NEWS & COMMENTARY | | Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn. TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says. SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware. Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality. Microsoft, Cloud Providers Move to Ban Basic Authentication Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving — or have moved — to requiring more secure authentication as well. Is your company ready? Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year. Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks. LockBit, ALPHV & Other Ransomware Gang Leak Sites Hit by DDoS Attacks A sweeping effort to prevent a raft of targeted cybercrime groups from posting ransomware victims' data publicly is hampering their operations, causing outages. Cisco Data Breach Attributed to Lapsus$ Ransomware Group Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems. Monti, the New Conti: Ransomware Gang Uses Recycled Code A new group, Monti, appears to have used leaked Conti code, TTPs, and infrastructure approaches to launch its own ransomware campaign. Name That Toon: Shiver Me Timbers! Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Why Ports Are at Risk of Cyberattacks More docked ships bring a new challenge. The longer a ship is docked, the more vulnerable the port is to a cyberattack. To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background. Everything You Need To Know About BlackCat (AlphaV) A relative newcomer to the ransomware scene, the BlackCat group quickly gained notoriety and may be associated with other APT groups like Conti and DarkSide. 5 Keys to Better Key Management From analyzing your company's risk profile to knowing where keys are stored and who can access them, prioritize key clean-up and management. Make compliance an outcome and develop a risk management strategy. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
