Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

[TechWeb]( Follow Dark Reading: [RSS]( April 23, 2021 LATEST SECURITY NEWS & COMMENTARY [Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network]( China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell. [University Suspends Project After Researchers Submitted Vulnerable Linux Patches]( A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses. [Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications]( Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows. [Looking for Greater Security Culture? Ask an 8-Bit Plumber]( After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture. [Improving the Vulnerability Reporting Process With 5 Steps]( Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter. [Name That Toon: Greetings, Earthlings]( Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card. [Prometei Botnet Adds New Twist to Exchange Server Attacks]( Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say. [New CISA Advisories Warn of ICS Vulnerabilities]( The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT. [MORE NEWS & COMMENTARY]( HOT TOPICS [Attackers Heavily Targeting VPN Vulnerabilities]( Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks. [Nation-State Attacks Force a New Paradigm: Patching as Incident Response]( IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out. [7 Old IT Things Every New InfoSec Pro Should Know]( Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less. [MORE]( EDITORS' CHOICE [10 Free Security Tools at Black Hat Asia 2021]( Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases. [Pulse Secure VPN Flaws Exploited to Target US Defense Sector]( China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks. LATEST FROM THE EDGE [The CISO Life Is Half as Good]( Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job. Tech Resources - [What Elite Threat Hunters See That Others Miss: Case Study]( - [How to Optimize Your Windows 10 Defense Strategy]( - [Top Threats to Cloud Computing: The Egregious 11]( - [SANS Institute Survey: The State of Cloud Security]( - [WhiteHat Professional Services Package]( - [Dark Reading Report: Battle for the Endpoint]( - [ITSM for the Enterprise - What Makes it Work?]( [ACCESS TECH LIBRARY NOW]( - [Making XDR Work in Your Enterprise - Dark Reading]( In this Dark Reading webinar, experts discuss the real-life implementation issues surrounding emerging detection and response technologies. You'll learn how these emerging technologies can be integrated with your existing cybersecurity tools, and how XDR technology might affect your cybersecurity operations ... - [Keys to Better Cyber Risk Assessment]( At this Dark Reading webinar, learn about the costs associated with today's threats and data breaches, how to measure current threats, and how to quantify the risks to your organization, so that you can implement the tools and processes to ... [MORE WEBINARS]( FEATURED REPORTS - [Improving Security by Moving Beyond VPN]( - [Accelerate Threat Resolutions with DNS]( [MORE REPORTS]( CURRENT ISSUE [2021 Top Enterprise IT Trends]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Netacea Releases "Buying Bad Bots Wholesale: The Genesis Market" Report]( [Mimecast Report: 61% of Organizations Were Infected with Ransomware in 2020]( [Trend Micro Revamps Partner Program]( [TeamViewer Survey: Businesses Prepare for Post-Pandemic 'Hybrid' Workforce with New Policies, Tech Infrastructure]( [Deep Instinct Receives $100 Million in Series D Funding]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)