Microsoft Disrupts Large-Scale BEC Campaign Across Web Services

[TechWeb]( Follow Dark Reading: [RSS]( June 16, 2021 LATEST SECURITY NEWS & COMMENTARY [Microsoft Disrupts Large-Scale BEC Campaign Across Web Services]( Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions. [Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet]( Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says. [Security Experts Scrutinize Apple, Amazon IoT Networks]( Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers. [What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain]( Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves. [How Does the Government Buy Its Cybersecurity?]( The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year. [Andariel Group Targets South Korean Entities in New Campaign]( Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organzations. [Deloitte Buys Terbium Labs to Expand Threat Intel Capabilities]( Terbium Labs' products and services will become part of Deloitte's Detect & Respond lineup, the company confirms. [MORE NEWS & COMMENTARY]( HOT TOPICS [Required MFA Is Not Sufficient for Strong Security: Report]( Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required. [What to Know About Updates to the PCI Secure Software Standard]( New requirements add 50 controls covering five control objectives. Here's a high-level look at each objective. [Ransomware Is Not the Problem]( Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems. [MORE]( EDITORS' CHOICE [11 Cybersecurity Vendors to Watch in 2021]( The cybersecurity landscape continues to spawn new companies and attract new investments. Here is just a sampling of what the industry has to offer. [Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work]( We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that. LATEST FROM THE EDGE [How President Biden Can Better Defend the US From Russian Hacks]( Wilson Center cybersecurity expert Meg King pinpoints five ambitious steps the administration should take, including a comprehensive national data breach notification protocol. Tech Resources - [2021 Application Security Statistics Report Vol.2]( - [The State of Endpoint Security]( - [Tech Insights: Detecting and Preventing Insider Data Leaks]( - [Stop Malicious Bots For Good: How Better Bot Management Maximizes Your ROI]( - [Must-Read Research: Why Sustainable 5G Networks are a 150-Year-Old Problem]( - [Future Proofing Your Network for 5G]( - [Threat Intel Challenges in Health Care]( [ACCESS TECH LIBRARY NOW]( - [Smarter Security Automation for Streamlined SecOps]( A shortage of skilled IT security professionals has given rise to a whole new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. But which tasks can enterprises safely automate? How does emerging automation ... - [Threat Deception: Tricking Attackers for Fun and Defense]( [MORE WEBINARS]( FEATURED REPORTS - [Tech Insights: Detecting and Preventing Insider Data Leaks]( - [Improving Security by Moving Beyond VPN]( [MORE REPORTS]( CURRENT ISSUE [The State of Cybersecurity Incident Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [MITRE and Prelude Announce Partnership To Offer Advanced Cybersecurity for Small and Mid-sized Organizations]( [Nokia Deepfield: DDoS Attacks Originate From Fewer Than 50 Hosting Companies]( [QOMPLX Announces Post-Merger Board of Directors]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)