Researchers had discovered that Microsoft's original mitigation steps for the so-called "ProxyNotShell" flaws was easily bypassed.
Follow Dark Reading:
 October 06, 2022
LATEST SECURITY NEWS & COMMENTARY
Microsoft Updates Mitigation for Exchange Server Zero-Days
Researchers had discovered that Microsoft's original mitigation steps for the so-called "ProxyNotShell" flaws was easily bypassed.
First 72 Hours of Incident Response Critical to Taming Cyberattack Chaos
Responding to cyberattacks is extraordinarily stressful, but better planning, frequent practice, and the availability of mental health services can help IR professionals, a survey finds.
RatMilad Spyware Scurries onto Enterprise Android Phones
A novel mobile malware found lurking behind a phone-spoofing app is being distributed via Telegram and a dedicated website, in a broad operation to monitor corporate victims.
Vice Society Publishes LA Public School Student Data, Psych Evals
After a flat refusal to pay the ransom, Los Angeles Unified School District's stolen data has been dumped on the Dark Web by a ransomware gang.
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
CISA: Multiple APT Groups Infiltrate Defense Organization
Advanced attackers gained access to Microsoft Exchange services, conducted searches of email, and used an open source toolkit to collect data from the network for nearly a year.
Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here
It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.
Relentless Russian Cyberattacks on Ukraine Raise Important Policy Questions
Microsoft cybersecurity executive John Hewie explained cyberwar developments and what they mean for Western democratic policy going forward.
Dangerous New Attack Technique Compromising VMware ESXi Hypervisors
China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says.
Former NSA Employee Faces Death Penalty for Selling Secrets
Suspect allegedly thought he was swapping secrets with a foreign government for crypto — but the contact turned out to be an FBI agent.
Capital One Phish Showcases Growing Bank-Brand Targeting Trend
Capital One lures leveraged the bank's new partnership with Authentify, showing that phishers watch the headlines, and take advantage.
How AWS, Cisco, Netflix & SAP Are Approaching Cybersecurity Awareness Month
This year's theme is "See Yourself in Cyber," and these security folks are using the month to reflect on the personal factor in cybersecurity.
Ransomware 3.0: The Next Frontier
Attackers are already circling back to reselling stolen data instead of — and in addition to — extortion.
With the Software Supply Chain, You Can't Secure What You Don't Measure
Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.
Workforce Data Privacy in the Modern Work Era
It takes culture as well as individual and corporate responsibilities to ensure workforce data privacy and compliance.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Why the US Should Help Secure Mexican Infrastructure — and What It Gets in Return
Call it cross-border enlightened self-interest: As one of the US's premier trade partners and closest neighbors, what's bad for Mexico is bad for the US.

Expert Insights: How to Protect Sensitive Machine-Learning Training Data Without Borking It
Another element of ML security is the data used to train the machine learning system itself.

Why Don't CISOs Trust Their Employees?
Executives fear "malicious insiders" as top cyber threat to companies, research shows. Reasonable steps to secure and monitor systems may prevent reputational damage but are not enough.

MORE
EDITORS' CHOICE
7 IoT Devices That Make Security Pros Cringe
A look at everything from truly dumb smart devices to cool-looking IoT tech with huge cybersecurity and privacy implications.
LATEST FROM THE EDGE

3 Reasons Why BEC Scams Work in Real Estate
Identity verification could be the key to fighting back and building trust in an industry beset with high-stakes fraud.
LATEST FROM DR TECHNOLOGY

Intel Hardens Confidential Computing With Project Amber Updates
The chip giant has developed new features and services to make it tougher for malicious hackers and insiders to access sensitive data from applications in the cloud.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
More Than 30% of All Malicious Attacks Target Shadow APIs
Organizations Finding the Need for New Approaches on the Cybersecurity Front, CompTIA research reveals
Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training
Aryaka Delivers Zero-Trust WAN Based on Unified SASE Architecture
YouMail, Inc. and WMC Global Partner to Deliver Voice and SMS Phishing Disruption Services
Israel Cybersecurity Enterprise (ICE) Teams with CybeReady to Deliver World-Class Security Training
Safous Adds Browser Isolation to Its Zero-Trust Network Access Service
Cyera Survey Finds One in Three Respondents Want to Minimize Cloud Data Risk
Eclypsium Raises Series B to Protect Digital Supply Chain As Attacks Grow
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How Machine Learning, AI & Deep Learning Improve Cybersecurity
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us