"Right-to-left override" spoofing aimed at Microsoft 365 users shows how attackers improve old methods to stay ahead of defenders.
Follow Dark Reading:
 February 10, 2022
LATEST SECURITY NEWS & COMMENTARY
Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks
Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.
Experts: Several CVEs from Microsoft's February Security Update Require Prompt Attention
Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.
Linux Malware on the Rise
Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.
Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws
Companies are scanning more applications for vulnerabilities — and more often.
Russian APT Steps Up Malicious Cyber Activity in Ukraine
Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region.
China-Linked Group Attacked Taiwanese Financial Firms for 18 Months
The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.
Log4j and the Role of SBOMs in Reducing Software Security Risk
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components.
Cyber Terrorism Is a Growing Threat & Governments Must Take Action
With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.
Want to Be an Ethical Hacker? Here's Where to Begin
By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.
Expert Insights: Training the Data Elephant in the AI Room
Be aware of the risk of inadvertent data exposure in machine learning systems.
Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022
Practical steps companies can take to defend their critical infrastructure and avoid the financial and reputational damage that could result from a breach.
Name That Edge Toon: Head of the Table
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Why Security Pros Are Frustrated With Cloud Security
As companies shift more operations to the cloud, a shortfall in security talent and too much security data wastes more than half of the time spent on security issues, a survey finds.

The 3 Most Common Causes of Data Breaches in 2021
Phishing, smishing, and business email compromise continue to do their dirty work.

Log4j: Getting From Stopgap Remedies to Long-Term Solutions
This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started.

MORE
EDITORS' CHOICE

Mac Malware-Dropping Adware Gets More Dangerous
The authors of UpdateAgent have tweaked it yet again — for the fifth time in less than 18 months.
LATEST FROM THE EDGE

7 Red Flags That Can Stop Your Company From Becoming a Unicorn
Investors and venture capitalists share the reasons that make them turn away from investing in your security tech.
LATEST FROM DR TECHNOLOGY

8 Security Dinosaurs and What Filled Their Footprints
Security technology has to evolve as new threats emerge and defenses improve. Here is a look back at the old breeds that are dying out.
Tech Resources
ACCESS TECH LIBRARY NOW

  • Strategies For Securing Your Supply Chain

    Recent attacks like the zero-day Log4j vulnerability have brought new scrutiny to cyber threats from suppliers and enterprise trading partners. But what does an effective supply-chain security strategy look like? How can you ensure that customers, suppliers, contractors, and ...

  • Best Practices for Extending Identity & Access Management to the Cloud

    Managing and securing user credentials was never easy, and now that they are scattered across cloud platforms, software-as-a-service tools, mobile devices, and on-premises systems, the task has become even more complex. With adversaries increasingly targeting their attention to credential theft, ...
MORE WEBINARS
FEATURED REPORTS
MORE REPORTS
CURRENT ISSUE

How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover
Qualys Launches Context XDR
InterVision Unveils Ransomware Protection as a Service
DeepSurface Security Secures $4.5M for Business Expansion
SecurityScorecard Acquires LIFARS
Mandiant Bolsters SaaS Platform With Integration of New Attack Surface Management Module
Tenable Launches Suite of New Features to Cloud-Native Application Security Platform
Research From Quantum and ESG Reveals Top Challenges in Data Management
Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)
MORE PRODUCTS & RELEASES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us