US Formally Attributes SolarWinds Attack to Russia | Attackers Heavily Targeting VPN Vulnerabilities

[TechWeb]( Follow Dark Reading: [RSS]( April 22, 2021 LATEST SECURITY NEWS & COMMENTARY [US Formally Attributes SolarWinds Attack to Russian Intelligence Agency]( Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks. [Pulse Secure VPN Flaws Exploited to Target US Defense Sector]( China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks. [Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications]( Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows. [Attackers Heavily Targeting VPN Vulnerabilities]( Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks. [White House Scales Back Response to SolarWinds & Exchange Server Attacks]( Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says. [Security Gaps in IoT Access Control Threaten Devices and Users]( Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users. [How the Biden Administration Can Make Digital Identity a Reality]( A digital identity framework is the answer to the US government's cybersecurity dilemma. [Lazarus Group Uses New Tactic to Evade Detection]( Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images. [Attackers Test Weak Passwords in Purple Fox Malware Attacks]( Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol. [Name That Toon: Greeting, Earthlings]( Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS & COMMENTARY]( HOT TOPICS [Attackers Compromised Code-Checking Vendor's Tool for Two Months]( A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers. [SolarWinds: A Catalyst for Change & a Cry for Collaboration]( Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration. [Beware the Bug Bounty]( In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors. [MORE]( EDITORS' CHOICE [10 Free Security Tools at Black Hat Asia 2021]( Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases. [2020 Changed Identity Forever; What's Next?]( For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations. LATEST FROM THE EDGE [7 Old IT Things Every New InfoSec Pro Should Know]( Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less. Tech Resources - [What Elite Threat Hunters See That Others Miss: Case Study]( - [How to Optimize Your Windows 10 Defense Strategy]( - [Top Threats to Cloud Computing: The Egregious 11]( - [Lessons Learned Investigating the SUNBURST Software Supply Chain Attack]( - [Gartner: Hype Cycle for Security Operations]( - [The 2021 Threat Hunting Report]( - [ITSM for the Enterprise - What Makes it Work?]( [ACCESS TECH LIBRARY NOW]( - [Making XDR Work in Your Enterprise - Dark Reading]( In this Dark Reading webinar, experts discuss the real-life implementation issues surrounding emerging detection and response technologies. You'll learn how these emerging technologies can be integrated with your existing cybersecurity tools, and how XDR technology might affect your cybersecurity operations ... - [Keys to Better Cyber Risk Assessment]( At this Dark Reading webinar, learn about the costs associated with today's threats and data breaches, how to measure current threats, and how to quantify the risks to your organization, so that you can implement the tools and processes to ... [MORE WEBINARS]( FEATURED REPORTS - [Improving Security by Moving Beyond VPN]( - [Accelerate Threat Resolutions with DNS]( [MORE REPORTS]( CURRENT ISSUE [2021 Top Enterprise IT Trends]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Netacea Releases "Buying Bad Bots Wholesale: The Genesis Market" Report]( [Mandiant Advantage Expands SaaS platform with New Mandiant Automated Defense Module]( [Former Google Security Execs Join Red Canary]( [Cynet Activates Competitive Replacement Program for Customers Migrating to Cynet 360 XDR Platform]( [Sift Streamlines Digital Trust & Safety Suite to Protect Merchants Against the Fraud Economy]( [MITRE Engenuity Announces Results from Evaluating Enterprise Security Products Against Cybercrime Threats]( [Zerto Announces General Availability of Zerto for Kubernetes and New Public Cloud Capabilities]( [Zscaler Advances Zero Trust Security for the Digital Business]( [MORE PRODUCTS & RELEASES]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)