Follow Dark Reading:
 June 30, 2022
LATEST SECURITY NEWS & COMMENTARY
ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.
'Raccoon Stealer' Scurries Back on the Scene After Hiatus
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.
China-Backed APT Pwns Building-Automation Systems With ProxyLogon
The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.
New Vulnerability Database Catalogs Cloud Security Issues
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.
Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
LockBit 3.0 Debuts With Ransomware Bug Bounty Program
LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.
How to Master the Kill Chain Before Your Attackers Do
In the always-changing world of cyberattacks, preparedness is key.
A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
It's a Race to Secure the Software Supply Chain — Have You Already Stumbled?
If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
7 Steps to Stronger SaaS Security
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.

Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says.

How to Find New Attack Primitives in Microsoft Azure
Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.

MORE
EDITORS' CHOICE
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric
Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug.
LATEST FROM THE EDGE

Federal, State Agencies' Aid Programs Face Synthetic Identity Fraud
Balancing public service with fraud prevention requires rule revisions and public trust.
LATEST FROM DR TECHNOLOGY

Reinventing How Farming Equipment Is Remotely Controlled and Tracked
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
WEBINARS
  • Building and Maintaining Security at the Network Edge

    Advances in networking and new technologies have expanded the possibilities of deploying applications at the network edge. These edge devices bring with them their own security management challenges and risks. How do you scale your security to manage the sheer ...

  • Outsourcing Cybersecurity: A Decision Maker's Guide

    When it comes to cybersecurity, very few enterprises have all the skills and resources they need on staff. On today's market, your enterprise can outsource a wide variety of cyber tasks, from penetration testing to security monitoring to incident response. ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Kaspersky Reveals Phishing Emails That Employees Find Most Confusing
Thrive Acquires DSM
Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings
Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS
Synopsys Completes Acquisition of WhiteHat Security
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Improving Enterprise Cybersecurity With XDR
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us