Microsoft Disrupts Large-Scale BEC Campaign | Ransomware Group Claiming Connection to REvil Gang Surfaces

[TechWeb]( Follow Dark Reading: [RSS]( June 17, 2021 LATEST SECURITY NEWS & COMMENTARY [Microsoft Disrupts Large-Scale BEC Campaign Across Web Services]( Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions. [New Ransomware Group Claiming Connection to REvil Gang Surfaces]( "Prometheus" is the latest example of how the ransomware-as-a-service model is letting new gangs scale up operations quickly. [VPN Attacks Surged in First Quarter]( But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown. [Ransomware Operators' Strategies Evolve as Attacks Rise]( Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks. [Trickbot Investigation Shows Details of Massive Cybercrime Effort]( Nearly a score of cybercriminals allegedly worked together to create the Trickbot malware and deploy it against more than a million users, an unsealed indictment claims. [Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet]( Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says. [The Workforce Shortage in Cybersecurity Is a Myth]( What we really have is an automation-in-the-wrong-place problem. [Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough]( Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital. [Details Emerge on How Gaming Giant EA Was Hacked]( Hacking group stole source code to FIFA 21 and the company's Frostbite engine. [Cyber Analytics Database Exposed 5 Billion Records Online]( In an ironic twist, Cognyte's data alerts customers to third-party data exposures. [JBS CEO Says Company Paid $11M in Ransom]( The decision to pay attackers was a difficult one, CEO Andre Nogueira said in a statement. [Name That Toon: Sight Unseen]( Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS & COMMENTARY]( HOT TOPICS [How President Biden Can Better Defend the US From Russian Hacks]( Wilson Center cybersecurity expert Meg King pinpoints five ambitious steps the administration should take, including a comprehensive national data breach notification protocol. [Many Mobile Apps Intentionally Using Insecure Connections for Sending Data]( A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections. [Deepfakes Are on the Rise, but Don't Panic Just Yet]( Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious. [MORE]( EDITORS' CHOICE [11 Cybersecurity Vendors to Watch in 2021]( The cybersecurity landscape continues to spawn new companies and attract new investments. Here is just a sampling of what the industry has to offer. [Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work]( We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that. LATEST FROM THE EDGE [Is an Attacker Living Off Your Land?]( Living-off-the-land attacks pose significant risks to organizations and, on top of that, are difficult to detect. Learn the basics about how these attacks operate and ways to limit their damage. Tech Resources - [2021 Application Security Statistics Report Vol.2]( - [The State of Endpoint Security]( - [Tech Insights: Detecting and Preventing Insider Data Leaks]( - [Stop Malicious Bots For Good: How Better Bot Management Maximizes Your ROI]( - [How DevOps Delivers on User Experience with Observability]( - [2021 Digital Transformation Report]( - [The Underground Economy: The Dark Web and the Rise in Sophisticated Attacks]( [ACCESS TECH LIBRARY NOW]( - [Smarter Security Automation for Streamlined SecOps]( A shortage of skilled IT security professionals has given rise to a whole new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. But which tasks can enterprises safely automate? How does emerging automation ... - [Threat Deception: Tricking Attackers for Fun and Defense]( [MORE WEBINARS]( FEATURED REPORTS - [Tech Insights: Detecting and Preventing Insider Data Leaks]( - [Improving Security by Moving Beyond VPN]( [MORE REPORTS]( CURRENT ISSUE [The State of Cybersecurity Incident Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Zscaler 2021 'Exposed' Report Reveals Corporate & Cloud Infrastructures More at Risk Than Ever From Expanded Attack Surfaces]( [QOMPLX Announces Post-Merger Board of Directors]( [MITRE and Prelude Announce Partnership to Offer Advanced Cybersecurity for Small and Midsized Organizations]( [Nokia Deepfield: DDoS Attacks Originate From Fewer Than 50 Hosting Companies]( [Myota Announces $3.65M Series A2 Funding for the Company's Enterprise Information Protection SaaS Platform]( [Netacea Creates Bot Management Open Source Framework]( [MITRE and Prelude Announce Partnership to Offer Advanced Cybersecurity for Small and Midsized Organizations]( [Immersive Labs Raises $75M to Accelerate Data Platform for Analyzing and Unlocking Cyber Skills Across Large Organizations]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)