Vanity URLs Could Be Spoofed for Social Engineering Attacks
Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.

On Air With Dark Reading News Desk at Black Hat Asia 2022
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.

Microsoft Simplifies Security Patching Process for Exchange Server
Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.

NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks
International cybersecurity authorities issue guidance to help information and communications service providers secure their networks.

The Danger of Online Data Brokers
Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.

Breaking Down the Strengthening American Cybersecurity Act
New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.

Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails
Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.