A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.
Follow Dark Reading:
 June 16, 2023
LATEST SECURITY NEWS & COMMENTARY
Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT
A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.
'Shampoo' ChromeLoader Variant Difficult to Wash Out
A new version of the infamous browser extension is spreading through files on websites offering pirated wares and leverages unique persistence mechanisms.
Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks
Microsoft says Cadet Blizzard wielded a custom wiper malware in the weeks leading up to Russia's invasion of Ukraine, and it remains capable of wanton destruction.
LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020
A third perp has been fingered, but CISA warns that LockBit variants continue to be a major threat on a global scale.
Free Training's Role in Cybersecurity
It's easy to find free training in cybersecurity, but is free the best option for entering the field?
Borderless Data vs. Data Sovereignty: Can They Co-Exist?
Organizations that remain compliant with data-sovereignty regulations while enabling cross-border data sharing gain significant competitive advantage because they can make quick, agile, and informed decisions.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Microsoft Fixes 69 Bugs, but None Are Zero-Days
The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.

XSS Vulnerabilities Found in Microsoft Azure Cloud Services
Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions.

How Popular Messaging Tools Instill a False Sense of Security
It's time to include messaging tool security in your cloud security program. Good first steps include tightening filter parameters on Slack and Teams.

Researchers Report First Instance of Automated SaaS Ransomware Extortion
The attack highlights growing interest among threat actors to target data from software-as-a-service providers.

MORE
EDITORS' CHOICE
Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks
Microsoft says Cadet Blizzard wielded a custom wiper malware in the weeks leading up to Russia's invasion of Ukraine, and it remains capable of wanton destruction.
LATEST FROM THE EDGE

How Do I Protect My API Keys From Appearing in Search Results?
A few lines of code can help you prevent accidental exposure, manage sensitive information, and maintain different configurations for various environments.
LATEST FROM DR GLOBAL

Angola Marks Technology Advancements With Cybersecurity Academy Plans
The academy is meant to ensure a safe and strong telecommunication service and information technologies for Angola's citizens, the president said.
LATEST FROM DR TECHNOLOGY

HashiCorp Expands PAM, Secrets Management Capabilities
The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.
WEBINARS
  • Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy

    Threat intelligence -- collecting data about broad trends in online attacks -- helps security teams improve their defenses by identifying online exploits that have the potential to hit their organizations and to prioritize their security resources accordingly. But how should ...

  • Mastering Endpoint Security: The Power of Least Privilege

    Join us at one of our upcoming live and interactive events we will explore the critical role of least privilege in endpoint security, how it helps to systematically strengthen organization's security posture, and provides a solid foundation for endpoint security ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • How to Use Threat Intelligence to Mitigate Third-Party Risk

    The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

  • Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

    The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

  • How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

    Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Keytos Uncovers 15,000 Vulnerable Subdomains per Month in Azure Using Cryptographic Certificates
Coalition Releases Security Vulnerability Exploit Scoring System
Action1 Announces $20M Investment in Its Patch Management Platform
Vulcan Cyber Is a Launch Partner for Wiz Integrations (WIN) Platform
Thales Proposes to Acquire Tesserent, Expanding its Global Cybersecurity Leadership
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How to Use Threat Intelligence to Mitigate Third-Party Risk
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us