In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
Follow Dark Reading:
 September 15, 2022
LATEST SECURITY NEWS & COMMENTARY
Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls
Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.
SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign
Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware.
Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy
The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.
Microsoft, Cloud Providers Move to Ban Basic Authentication
Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving — or have moved — to requiring more secure authentication as well. Is your company ready?
Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise
A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.
Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.
LockBit, ALPHV & Other Ransomware Gang Leak Sites Hit by DDoS Attacks
A sweeping effort to prevent a raft of targeted cybercrime groups from posting ransomware victims' data publicly is hampering their operations, causing outages.
Cisco Data Breach Attributed to Lapsus$ Ransomware Group
Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems.
Monti, the New Conti: Ransomware Gang Uses Recycled Code
A new group, Monti, appears to have used leaked Conti code, TTPs, and infrastructure approaches to launch its own ransomware campaign.
Name That Toon: Shiver Me Timbers!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Why Ports Are at Risk of Cyberattacks
More docked ships bring a new challenge. The longer a ship is docked, the more vulnerable the port is to a cyberattack.
To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline
With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background.
Everything You Need To Know About BlackCat (AlphaV)
A relative newcomer to the ransomware scene, the BlackCat group quickly gained notoriety and may be associated with other APT groups like Conti and DarkSide.
5 Keys to Better Key Management
From analyzing your company's risk profile to knowing where keys are stored and who can access them, prioritize key clean-up and management. Make compliance an outcome and develop a risk management strategy.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Darktrace Shares Plunge After Thoma Bravo Acquisition Falls Apart
No agreement could be reached on terms of a firm offer, the provider of AI-based cybersecurity products says.

Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats
Users must continually be made aware of new threats, including attacks targeting shipping, the supply chain, email, and hybrid workers.

Business Security Starts With Identity
How identity-centric security can support business objectives.

MORE
EDITORS' CHOICE
Attackers Can Compromise Most Cloud Data in Just 3 Steps
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.
LATEST FROM THE EDGE

Zane Lackey: 'Technology Is the Easy Bit'
Security Pro File: The DevOps evangelist and angel investor shares his expertise with the next generation of startups. If you're lucky, maybe he'll even share his Lagavulin.
LATEST FROM DR TECHNOLOGY

A Pragmatic Response to the Quantum Threat
You certainly don't need to panic, but you do need to form a plan to prepare for the post-quantum reality.
WEBINARS
  • Using Zero Trust to Protect Remote and Home Workers

    When COVID-19 hit, many organizations attempted to implement Zero Trust environments to protect their data from online threats presented by unsecured home office equipment. But these efforts were often temporary and not particularly effective. In this webinar, experts offer a ...

  • Emerging Cyber Vulnerabilities That Every Enterprise Should Know About

    Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest-and potentially most impactful-vulnerabilities that have been discovered/...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Cybersecurity Awareness Campaigns: How Effective Are They in Changing Behavior?
Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes
Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022
Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data
Google Completes Acquisition of Mandiant
SaaS Alerts Secures $22M Investment from Insight Partners to Scale SaaS Security Monitoring and Response Platform
MORE PRODUCTS & RELEASES
CURRENT ISSUE

The State of Supply Chain Threats
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us