"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.
Follow Dark Reading:
 July 14, 2022
LATEST SECURITY NEWS & COMMENTARY
Fake Google Software Updates Spread New Ransomware
"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.
Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now
July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler.
Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs
"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.
China's Tonto Team APT Ramps Up Spy Operations Against Russia
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.
Don't Have a COW: Containers on Windows and Other Container-Escape Research
Several pieces of Black Hat USA research will explore container design weaknesses and escalation of privilege attacks that can lead to container escapes.
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials
Scams pressure victims to "resolve an issue that could impact their status, business."
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World
With the world potentially less than a decade away from breaking current encryption around critical data, researchers weigh in on planning for the post-quantum world.
Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover
Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts.
Zero Trust Bolsters Our National Defense Against Rising Cyber Threats
The Colonial Pipeline and JBS attacks, among others, showed us our national resilience is only as strong as public-private sector collaboration.
Understanding the Omdia Threat Detection Data Life Cycle
Data quality is key in an effective TDIR solution. Omdia's threat detection data life cycle highlights the considerations for effective data-driven threat detection.
Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better
Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.
How Confidential Computing Locks Down Data, Regardless of Its State
Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.
Keep Humans in the Loop in SOC Operations
Machine learning and automation can help free up security pros for higher-value tasks.
MacOS Bug Could Let Malicious Code Break Out of Application Sandbox
Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware.
Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication
The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
ICYMI: Critical Cisco RCE Bug, Microsoft Breaks Down Hive, SHI Cyberattack
Dark Reading's digest of the other don't-miss stories of the week, including a new ransomware targeting QNAP gear, and a destructive attack against the College of the Desert that lingers on.

5 Traits That Differentiate CISOs From CIROs
Chief information risk officers must have a keen understanding of — and interaction with — the business.

3 Golden Rules of Modern Third-Party Risk Management
It's time to expand the approach of TPRM solutions so risk management is more effective in the digital world.

MORE
EDITORS' CHOICE
Microsoft Reverses Course on Blocking Office Macros by Default
Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.
LATEST FROM THE EDGE

Accessible Cybersecurity Awareness Training Reduces Your Risk of Cyberattack
If you're not teaching all of your employees proper security hygiene, you are leaving the door open to risk. Close that door by providing accessible training.
LATEST FROM DR TECHNOLOGY

Evolving Beyond the Password: Vanquishing the Password
Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems.

WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Omdia: Sustainability Ranks Top on Data Center Operators’ Agendas Despite Cost and Reliability Barriers
Deloitte Launches Zero Trust Access, a New Managed Security Service
Privitar Announces Kormoon Acquisition, Extending Data Privacy and Provisioning Capabilities
New Research Reveals 93% of Organizations Surveyed Have Had Failed IIoT/OT Security Projects
US Government and QuSecure Orchestrate First-Ever Post-Quantum Encryption Communication over a Government Network
Exostar Empowers SMBs with Enhanced, Low-Cost, Easy-to-Use Microsoft 365 and CMMC 2.0 Solutions
Core Security by HelpSystems Introduces New Ransomware Simulator
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Improving Enterprise Cybersecurity With XDR
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us