 June 09, 2022
LATEST SECURITY NEWS & COMMENTARY
Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover
A remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.
An Emerging Threat: Attacking 5G Via Network Slices
A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.
Black Basta Ransomware Targets ESXi Servers in Active Campaign
The new ransomware strain Black Basta is now actively targeting VMware ESXi servers in an ongoing campaign, encrypting files inside a targeted volumes folder.
Mandia: Keep 'Shields Up' to Survive the Current Escalation of Cyberattacks
As Mandiant CEO Kevin Mandia's company prepares to become part of Google, the incident response company continues to investigate many of the most critical cyber incidents.
Cybersecurity M&A Activity Shows No Signs of Slowdown
But valuations have dropped — and investors are paying closer attention to revenues and profitability, industry analysts say.
US Sanctions Force Evil Corp to Change Tactics
The threat actor behind the notorious Dridex campaign has switched from using its exclusive credential-harvesting malware to a ransomware-as-a-service model, to make attribution harder.
RSAC Opens With Message of Transformation
Cybersecurity needs to shift its thinking ahead of the next disruption, RSA's CEO said during the opening 2022 conference keynote.
Communication Is Key to CISO Success
A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.
Are You Ready for a Breach in Your Organization's Slack Workspace?
A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.
Fighting Follina: Application Vulnerabilities and Detection Possibilities
Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.
Enterprise Security Around the Dinner Table
Enterprise cybersecurity awareness training has evolved to include informal lessons for employees' family members, and it has many benefits.
Building America's Cybersecurity Infrastructure
The government is putting the right skills and expertise in place to fight the rising cyber threat.
HOT TOPICS
Why Network Object Management Is Critical for Managing Multicloud Network Security
If you want your IT and security administrators to get buried in trivial workloads and productivity bottlenecks, having poor network object management is a great way to accomplish that.

How Do We Secure Our Cities From Attack?
Physical access matters in keeping people and buildings safe. Points to consider when establishing a physical security protocol are ways to lock down an area to keep people safe, approaches to communicate clear safety directions, and access control.

7 NFT Scams That Could Be Targeting Your Brand
Brands should be vigilant to ensure sites and listings promoting NFTs for sale are legitimate and not being used as an instrument by fraudsters to swindle customers.

EDITORS' CHOICE

Multilevel Extortion: DeadBolt Ransomware Targets Internet-Facing NAS Devices
The innovative ransomware targets NAS devices, has a multitiered payment and extortion scheme as well as a flexible configuration, and takes a heavily automated approach.
LATEST FROM THE EDGE

10 No-BS Tips for Building a Diverse and Dynamic Security Team
Advice from women and nonbinary security leaders on creating well-rounded security teams, stronger CISO leadership, and a more resilient industry.
LATEST FROM DR TECHNOLOGY

Talon Grasps Victory at a Jubilant RSAC Innovation Sandbox
Spirits were high at the return of the in-person contest, which kicked off by bringing last year's virtual event winner on stage.
Tech Resources

  • Outsourcing Cybersecurity: A Decision Maker's Guide

    When it comes to cybersecurity, very few enterprises have all the skills and resources they need on staff. On today's market, your enterprise can outsource a wide variety of cyber tasks, from penetration testing to security monitoring to incident response. ...

  • Implementing Zero Trust in Your Enterprise

    Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ...

FEATURED REPORTS
  • Practical Network Security Approaches for a Multicloud, Hybrid IT World

    The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: increasing visibility over the environment, learning cloud-specific skills, relying on established security frameworks, and re-architecting the network.

  • Rethinking Endpoint Security in a Pandemic and Beyond

    IT security teams are expanding the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers? How will they manage identities across multiple ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA