DHS Orders Pipeline Operators to Report Cyberattacks | Microsoft 365: Most Common Threat Vectors

[TechWeb]( Follow Dark Reading: [RSS]( June 03, 2021 LATEST SECURITY NEWS & COMMENTARY [DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture]( On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to cybersecurity attacks. [Microsoft 365: Most Common Threat Vectors & Defensive Tips]( Security pros discuss the most typical ways attackers leverage Microsoft 365 and share their guidance for defenders. [Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs]( Security vendor says it has observed threat groups using a set of 16 tools specifically designed to attack Pulse Secure devices since April 2020. [New Barebones Ransomware Strain Surfaces]( The authors of Epsilon Red have offloaded many tasks that are usually integrated into the ransomware -- such as Volume Shadow Copy deletion -- to PowerShell scripts. [US Seizes Attacker Domains Used in USAID Phishing Campaign]( The move follows last week's disclosure of an ongoing attack designed to mimic emails from the US Agency for International Development. [Prevention Is the Only Cure: The Dangers of Legacy Systems]( Prolonged exposure to poorly managed legacy IT devices proves time and time again the familiar adage: What can go wrong will go wrong. [Return to Basics: Email Security in the Post-COVID Workplace]( As we reimagine the post-pandemic workplace, we must also reevaluate post-pandemic email security practices. [Most Mobile Apps Can Be Compromised in 15 Minutes or Less]( In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift. ['Have I Been Pwned' Code Base Now Open Source]( Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations. [Google Discovers New Rowhammer Attack Technique]( Researchers publish the details of a new Rowhammer vulnerability called "Half-Double" that exploits increasingly smaller DRAM chips. [MORE NEWS & COMMENTARY]( HOT TOPICS [Processor Morphs Its Architecture to Make Hacking Really Hard]( Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities. [How Are Cyber Insurance Companies Assessing Ransomware Risk?]( From limiting claims payments to tying payments to policyholders' actions, the cyber insurance industry is in "a very dynamic place right now," says Corvus Insurance CEO Phil Edmundson. [3 SASE Misconceptions to Consider]( SASE is all the rage, promising things IT leaders have long dreamed about, but a purist approach may create consequences. [MORE]( EDITORS' CHOICE [Let's Stop Blaming Employees for Our Data Breaches]( Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity. [Cybersecurity Group Hopes to Push 30 More National Priorities]( The Cyberspace Solarium Commission worked with legislators and the Trump administration to get 27 recommendations implemented in policy last year. It's aiming for 30 more in 2021. LATEST FROM THE EDGE [A Wrench and a Screwdriver: Critical Infrastructure's Last, Best Lines of Defense?]( Critical infrastructure's cybersecurity problems are complex, deep-rooted, and daunting. Addressing them won't be easy...but it isn't impossible. Tech Resources - [2021 Application Security Statistics Report Vol.2]( - [The State of Endpoint Security]( - [Tech Insights: Detecting and Preventing Insider Data Leaks]( - [Stop Malicious Bots For Good: How Better Bot Management Maximizes Your ROI]( - [Assessing Cybersecurity Risk in Today's Enterprises]( - [The Essential Guide to XDR]( - [Are We Cyber-Resilient? The Key Question Every Organization Must Answer]( [ACCESS TECH LIBRARY NOW]( - [Smarter Security Automation for Streamlined SecOps]( A shortage of skilled IT security professionals has given rise to a whole new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. But which tasks can enterprises safely automate? How does emerging automation ... - [Ransomware Resilience and Response Playbook]( When ransomware locks up your business's critical data and essential gear, panic can set in fast-which just makes you more vulnerable. But questions abound: is this a ransomworm that's going to spread to other endpoints? Are the attackers going to ... [MORE WEBINARS]( FEATURED REPORTS - [Tech Insights: Detecting and Preventing Insider Data Leaks]( - [Improving Security by Moving Beyond VPN]( [MORE REPORTS]( CURRENT ISSUE [2021 Top Enterprise IT Trends]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [New Global Rackspace Technology Survey Underscores Business Benefits of Modernizing Applications to Improve Customer Experience]( [Broadcom Announces Adaptive Protection]( [IBM Selects Six School Districts to Receive a Total of $3 Million in Education Security Preparedness Grants]( [Sumo Logic Signs Definitive Agreement to Acquire Sensu to Extend Open Source Strategy]( [Cyber Readiness Institute Launches First Cybersecurity Certification Program for Small and Medium-sized Business Leaders]( [New Farsight Security Study Examines DNS Network Traffic Volumes For Over 300 Top Second-Level Domains During Pandemic]( [Axio Helping Organizations Protect Themselves Against Ransomware]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)