Threat Actors Revive 20-Year-Old Tactic | Several CVEs in Microsoft's Feb. Security Update Require Prompt Attention

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

2 years ago

Html
Text

"Right-to-left override" spoofing aimed at Microsoft 365 users shows how attackers improve old methods to stay ahead of defenders.

Follow Dark Reading:

February 10, 2022

LATEST SECURITY NEWS & COMMENTARY

Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders. Experts: Several CVEs from Microsoft's February Security Update Require Prompt Attention Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say. Linux Malware on the Rise Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states. Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws Companies are scanning more applications for vulnerabilities — and more often. Russian APT Steps Up Malicious Cyber Activity in Ukraine Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region. China-Linked Group Attacked Taiwanese Financial Firms for 18 Months The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations. Log4j and the Role of SBOMs in Reducing Software Security Risk Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components. Cyber Terrorism Is a Growing Threat & Governments Must Take Action With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere. Want to Be an Ethical Hacker? Here's Where to Begin By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession. Expert Insights: Training the Data Elephant in the AI Room Be aware of the risk of inadvertent data exposure in machine learning systems. Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022 Practical steps companies can take to defend their critical infrastructure and avoid the financial and reputational damage that could result from a breach. Name That Edge Toon: Head of the Table Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Why Security Pros Are Frustrated With Cloud Security As companies shift more operations to the cloud, a shortfall in security talent and too much security data wastes more than half of the time spent on security issues, a survey finds. The 3 Most Common Causes of Data Breaches in 2021 Phishing, smishing, and business email compromise continue to do their dirty work. Log4j: Getting From Stopgap Remedies to Long-Term Solutions This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started. MORE

EDITORS' CHOICE
Mac Malware-Dropping Adware Gets More Dangerous The authors of UpdateAgent have tweaked it yet again — for the fifth time in less than 18 months. LATEST FROM THE EDGE
7 Red Flags That Can Stop Your Company From Becoming a Unicorn Investors and venture capitalists share the reasons that make them turn away from investing in your security tech. LATEST FROM DR TECHNOLOGY
8 Security Dinosaurs and What Filled Their Footprints Security technology has to evolve as new threats emerge and defenses improve. Here is a look back at the old breeds that are dying out.

Tech Resources

Mitigate the Risk of Ransomware Attacks Against Critical Infrastructure The Case for Zero-Trust Access for the Industrial Internet of Things (IIoT) DAST to the Future Vantage Inspect Next Gen SAST Extended Detection and Response (XDR) - Beginner's Guide SANS 2021 Top New Attacks and Threat Report The Top Emerging Trends in Cryptography for 2022

ACCESS TECH LIBRARY NOW

Strategies For Securing Your Supply Chain

Recent attacks like the zero-day Log4j vulnerability have brought new scrutiny to cyber threats from suppliers and enterprise trading partners. But what does an effective supply-chain security strategy look like? How can you ensure that customers, suppliers, contractors, and ...

Best Practices for Extending Identity & Access Management to the Cloud

Managing and securing user credentials was never easy, and now that they are scattered across cloud platforms, software-as-a-service tools, mobile devices, and on-premises systems, the task has become even more complex. With adversaries increasingly targeting their attention to credential theft, ...

MORE WEBINARS

FEATURED REPORTS

How Enterprises Are Assessing Cybersecurity Risk in Today's Environment Zero Trust in Real Life

MORE REPORTS

CURRENT ISSUE

How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
DOWNLOAD THIS ISSUE	SUBSCRIBE NOW
BACK ISSUES \| MUST READS \| TECH DIGEST

PRODUCTS & RELEASES

Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover Qualys Launches Context XDR InterVision Unveils Ransomware Protection as a Service DeepSurface Security Secures $4.5M for Business Expansion SecurityScorecard Acquires LIFARS Mandiant Bolsters SaaS Platform With Integration of New Attack Surface Management Module Tenable Launches Suite of New Features to Cloud-Native Application Security Platform Research From Quantum and ESG Reveals Top Challenges in Data Management Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT) MORE PRODUCTS & RELEASES

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To update your profile, change your e-mail address, or unsubscribe, click here.

To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Privacy Regulations Changing - Are You Prepared? Informationweek.com
7 hours ago
Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network Informationweek.com
20 hours ago
Tell Us About Security in Application Development Informationweek.com
21 hours ago

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines