Attackers Heavily Targeting VPN Vulnerabilities

[TechWeb]( Follow Dark Reading: [RSS]( April 22, 2021 LATEST SECURITY NEWS & COMMENTARY [Attackers Heavily Targeting VPN Vulnerabilities]( Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks. [Zero-Day Flaws in SonicWall Email Security Tool Under Attack]( Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network. [Business Email Compromise Costs Businesses More Than Ransomware]( Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report. [How to Attack Yourself Better in 2021]( Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals. [Rapid7 Acquires Velociraptor Open Source Project]( The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities. [Justice Dept. Creates Task Force to Stop Ransomware Spread]( One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say. [MORE NEWS & COMMENTARY]( HOT TOPICS [Microsoft Uses Machine Learning to Predict Attackers' Next Steps]( Researchers build a model to attribute attacks to specific groups based on tactics, techniques, and procedures, and then figure out their next move. [Bolstering Our Nation's Defenses Against Cybersecurity Attacks]( Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address. [6 Tips for Managing Operational Risk in a Downturn]( Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes. [MORE]( EDITORS' CHOICE [7 Security Strategies as Employees Return to the Office]( More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal. [Attackers Compromised Code-Checking Vendor's Tool for Two Months]( A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers. LATEST FROM THE EDGE [7 Old IT Things Every New InfoSec Pro Should Know]( Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less. Tech Resources - [What Elite Threat Hunters See That Others Miss: Case Study]( - [How to Optimize Your Windows 10 Defense Strategy]( - [Top Threats to Cloud Computing: The Egregious 11]( - [SANS Institute Survey: The State of Cloud Security]( - [A New Take on Cloud Shared Responsibility]( - [IDC Market Share: How the Network Is Used to Unmask the Adversary]( - [Simplify Your Application Security]( [ACCESS TECH LIBRARY NOW]( - [Making XDR Work in Your Enterprise - Dark Reading]( In this Dark Reading webinar, experts discuss the real-life implementation issues surrounding emerging detection and response technologies. You'll learn how these emerging technologies can be integrated with your existing cybersecurity tools, and how XDR technology might affect your cybersecurity operations ... - [Keys to Better Cyber Risk Assessment]( At this Dark Reading webinar, learn about the costs associated with today's threats and data breaches, how to measure current threats, and how to quantify the risks to your organization, so that you can implement the tools and processes to ... [MORE WEBINARS]( FEATURED REPORTS - [Improving Security by Moving Beyond VPN]( - [Accelerate Threat Resolutions with DNS]( [MORE REPORTS]( CURRENT ISSUE [2021 Top Enterprise IT Trends]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Mandiant Advantage Expands SaaS platform with New Mandiant Automated Defense Module]( [Cynet Activates Competitive Replacement Program for Customers Migrating to Cynet 360 XDR Platform]( [Former Google Security Execs Join Red Canary]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)