A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
Follow Dark Reading:
 May 19, 2022
LATEST SECURITY NEWS & COMMENTARY
Critical VMware Bug Exploits Continue, as Botnet Operators Jump In
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
Phishing Attacks for Initial Access Surged 54% in Q1
For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
MITRE Creates Framework for Supply Chain Security
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
Google Cloud Aims to Share Its Vetted Open Source Ecosystem
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
Open Source Security Gets $30M Boost From Industry Heavy Hitters
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.
Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning
A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.
US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional
In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
Name That Toon: Knives Out
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
How Mobile Networks Have Become a Front in the Battle for Ukraine
Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience.
Needs Improvement: Scoring Biden's Cyber Executive Order
One year after it was issued, has President Biden's Cyber Executive Order had an impact?
Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future
A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.
How Threat Actors Are a Click Away From Becoming Quasi-APTs
As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.
US Agrees to International Electronic Cybercrime Evidence Swap
The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.
iPhones Open to Attack Even When Off, Researchers Say
Wireless chips that run when the iPhone iOS is shut down can be exploited.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
5 Years That Altered the Ransomware Landscape
WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.

Mastering the New CISO Playbook
How can you safeguard your organization amid global conflict and uncertainty?

How to Create a Cybersecurity Mentorship Program
As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.

MORE
EDITORS' CHOICE

How to Turn a Coke Can Into an Eavesdropping Device
Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.
LATEST FROM THE EDGE

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes
The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography.
LATEST FROM DR TECHNOLOGY

Enhancing DLP With Natural Language Understanding for Better Email Security
Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU.

Tech Resources
ACCESS TECH LIBRARY NOW

  • Harnessing the Power of Security Automation

    With many organizations pinched for both dollars and manpower, security and IT teams are turning to a new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. How can companies truly unleash the potential ...

  • Building an Effective Active Directory Security Strategy

    For cyber criminals, Microsoft's Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts ...

MORE WEBINARS
FEATURED REPORTS
MORE REPORTS
CURRENT ISSUE
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.