A proof-of-concept exploit allows remote compromises of Spring Web applications.
Follow Dark Reading:
 March 31, 2022
LATEST SECURITY NEWS & COMMENTARY
Zero-Day Vulnerability Discovered in Java Spring Framework
A proof-of-concept exploit allows remote compromises of Spring Web applications.
Nation-State Hackers Ramp Up Ukraine War-Themed Attacks
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.
Log4j Attacks Continue Unabated Against VMware Horizon Servers
Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says.
Indictment of Russian National Offers Glimpse Into Methodical Targeting of Energy Firm
Evgeny Viktorovich Gladkikh tried to cause catastrophic damage to Saudi oil refinery in 2017 via the Triton/Trisis malware, the US has alleged.
Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms
Four Russian government employees were charged by the DoJ for attack campaigns targeting hundreds of energy sector companies and organizations in 135 countries, including the US.
Biden Requests Nearly $11B for Federal Cybersecurity Spending
The administration's 2023 IT budget for civilian agencies includes $500 million more for CISA.
Zero-Day Surge Led to More Rapid Exploitation of Bugs in 2021
New vulnerability study shows how "attacker economies of scale" have shaped the risk landscape.
HR Alone Can't Solve the Great Resignation
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.
Vodafone Portugal: The Attack on Brand Reputations and Public Confidence Through Cybercrime
Companies must prepare effective, data-driven threat-response strategies as they monitor for reputational risks as well as cyberattacks.
How Security Complexity Is Being Weaponized
As environments grow noisier, it becomes easier for attackers to intentionally create distractions.
What the Conti Ransomware Group Data Leak Tells Us
Knowing the inner workings of Conti will not only help ransomware negotiators but also help organizations to better handle a ransomware attack when it happens.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Exploring the Intersection of Physical Security and Cybersecurity
Residential, commercial, and public buildings are getting smarter; fitting them with a network of connected systems allows buildings to regulate their environment, save energy, and be more secure.

Cybercriminals Fighting Over Cloud Workloads for Cryptomining
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.

Security's Life Cycle Isn't the Developers' Life Cycle
Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic or feasible.

MORE
EDITORS' CHOICE

Pandemic Leaves Firms Scrambling for Cybersecurity Specialists
Companies have trouble retaining workers, with almost two-thirds of business reporting unfilled positions and massive unmet demand for technical cybersecurity professionals, study shows.
LATEST FROM THE EDGE

Could Gaming Close the Cyberskills Gap?
The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.
LATEST FROM DR TECHNOLOGY

Understanding Private 5G LANs in the Enterprise
As the technology matures and costs begin to drop, 5G LAN looks more like a realistic replacement for corporate Wi-Fi networks.
Tech Resources
ACCESS TECH LIBRARY NOW

  • Protecting Industrial Control Systems from Modern Threats

    A 2021 attack on an industrial control system (ICS) at a water treatment plant in a small town in Florida raised eyebrows and surfaced new fears about the risks these kind of systems face. Unfortunately, many ICS systems are working on ...

  • Rethinking Asset Management to Improve Enterprise Security

    One common reason behind many enterprise security breaches is that attackers found a system, application, or device that security teams didn't know they had. Attackers can tamper with these unknown systems to make them look legitimate, and security defenders may ...
MORE WEBINARS
FEATURED REPORTS
  • How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World

    Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ...

  • How Data Breaches Affect the Enterprise

    Many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download this report to delve more into this timely topic.
MORE REPORTS
CURRENT ISSUE

Rethinking Endpoint Security in a Pandemic and Beyond
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk
CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender
Cyera Launches From Stealth With $60M to Identify, Secure, and Remediate Cloud Data Security Risks
WiCyS Members Now Have Access to Cyber Defense Challenge Through Target
Darktrace AI Stops Cyberattack Exploiting Log4j Vulnerability at Global Financial Services Provider
Red Canary's Annual Threat Detection Report Reveals Top Threats and Techniques Targeting Most Organizations
MORE PRODUCTS & RELEASES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |   Informa Tech  |   Privacy Statement  |   Terms & Conditions  |  Contact Us