Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.
| | | LATEST SECURITY NEWS & COMMENTARY | | Most Attackers Need Less Than 10 Hours to Find Weaknesses Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days. Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11 With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference. Fast Company CMS Hack Raises Security Questions The company's website remains offline after hackers used its compromised CMS to send out racist messages. Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys. FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API. BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic Using its "Exmatter" tool to corrupt rather than encrypt files signals a new direction for financially motivated cybercrime activity, researchers say. Fake Sites Siphon Millions of Dollars in 3-Year Scam A crime syndicate based in Russia steals millions of dollars from credit card companies using fake dating and porn sites on hundreds of domains to rack up fraudulent charges. Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say. Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market Funding has been somewhat lower than last year, but investment remains healthy, analysts say, amid thirst for cloud security in particular. App Developers Increasingly Targeted via Slack, DevOps Tools Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks. Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions. Developer Leaks LockBit 3.0 Ransomware-Builder Code Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well. Time to Change Our Flawed Approach to Security Awareness Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable. 4 Data Security Best Practices You Should Know There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action. Should Hacking Have a Code of Conduct? For white hats who play by the rules, here are several ethical tenets to consider. Microsoft Rolls Out Passwordless Sign-on for Azure Virtual Desktop Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history. CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
