Dark Reading Daily -- June 19, 2023

Follow Dark Reading:

June 19, 2023

LATEST SECURITY NEWS & COMMENTARY

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks on the service continue to mount.

Killnet Threatens Imminent SWIFT, World Banking Attacks

The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.

Attackers Create Synthetic Security Researchers to Steal IP

Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.

Cybercrime Doesn't Take a Vacation

Organizations need to prepare for security threats as summer holidays approach.

HashiCorp Expands PAM, Secrets Management Capabilities

The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
'Shampoo' ChromeLoader Variant Difficult to Wash Out A new version of the infamous browser extension is spreading through files on websites offering pirated wares and leverages unique persistence mechanisms. Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks Microsoft says Cadet Blizzard wielded a custom wiper malware in the weeks leading up to Russia's invasion of Ukraine, and it remains capable of wanton destruction. Free Training's Role in Cybersecurity It's easy to find free training in cybersecurity, but is free the best option for entering the field? Borderless Data vs. Data Sovereignty: Can They Co-Exist? Organizations that remain compliant with data-sovereignty regulations while enabling cross-border data sharing gain significant competitive advantage because they can make quick, agile, and informed decisions. MORE

EDITORS' CHOICE

Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT

A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.

LATEST FROM THE EDGE

The Infrastructure Security Engineer Is a Unicorn Among Thoroughbreds

This new role safeguarding cloud deployments requires an exceedingly rare set of technical and soft skills.

LATEST FROM DR GLOBAL

Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps

Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions — an all too common issue in an area where mobile-only is the norm and cyber awareness is low.

LATEST FROM DR TECHNOLOGY

Getting Over the DNS Security Awareness Gap

To properly secure DNS infrastructure, organizations need strong security hygiene around DNS infrastructure and records management as well as closely monitoring and filtering DNS traffic.

WEBINARS

Finding the Right Role for Identity and Access Management in Your Enterprise
End user credentials are essential to enabling your employees to gain access to the data and applications they need. Those credentials are also one of the most prized targets that attackers hope to gain. To enable user access and prevent ...
Secrets to a Successful Managed Security Service Provider Relationship
Sometimes, the security team you have just isn't enough. To help keep up with security threats 24/7 - and to bolster skills the team may not have -- many enterprises are working with managed security service providers (MSSPs) and security providers ...

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Security LeadHER Wraps Groundbreaking Inaugural Conference for Women in Security

Coalition Releases Security Vulnerability Exploit Scoring System

Keytos Uncovers 15,000 Vulnerable Subdomains per Month in Azure Using Cryptographic Certificates

Action1 Announces $20M Investment in Its Patch Management Platform

MORE PRODUCTS & RELEASES

CURRENT ISSUE

How to Use Threat Intelligence to Mitigate Third-Party Risk
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

How to Use Threat Intelligence to Mitigate Third-Party Risk