CISA Warns of Ongoing Attacks Targeting ProxyShell Vulnerabilities

[TechWeb]( Follow Dark Reading: [RSS]( August 25, 2021 LATEST SECURITY NEWS & COMMENTARY [CISA Warns of Ongoing Attacks Targeting ProxyShell Vulnerabilities]( Cybercriminals are actively exploiting ProxyShell vulnerabilities CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Here's what to do about this. [FBI Issues Advisory on 'OnePercent' Ransomware Group]( The threat actor has been targeting US companies in dual extortion attacks since fall of last year. [Business Management Firms Have the Least Secure Web Apps]( Almost three-quarters of Web applications for businesses that handle accounting, auditing, finances, and operations have critical vulnerabilities every day of the year. [4 Steps Organizations Can Take to Increase Diversity in Cybersecurity]( Cultivating a diverse cybersecurity workforce requires a multipronged approach. Here are key steps organizations can take to increase diversity and grow the cybersecurity talent pipeline. [The New Secret Weapon in Breach Detection: Math and Data Science]( It's time for organizations across industries to use math and data science to assess the probabilities of a breach. Here's how. [Researchers Share Common Tactics of ShinyHunters Threat Group]( Intel 471 researchers break down common tactics and techniques of the data-stealing group behind many big breaches. [WhatsApp Modification Seen Distributing Triada Trojan]( A modified version of WhatsApp for Android is installing a Trojan designed to deliver malicious payloads, launch ads, and intercept SMS messages. [MORE NEWS & COMMENTARY]( HOT TOPICS [Ransomware Attacker Offers Employees a Cut if They Install DemonWare on Their Organization's Systems]( Researchers went undercover and posed as willing "insider threats" to expose and study an unusual hybrid BEC-style social engineering-ransomware scheme. [How to Maintain Accountability in a Hybrid Environment]( Even as organizations diversify their IT environments, adding more cloud storage, the mainframe plays a critical role. Here are four key strategies for locking down the mainframe to secure the core of your business. [US Census Bureau Failed Breach Response, Watchdog Says]( The January 2020 compromise did not succeed but highlighted significant deficiencies in the security operations of the federal agency tasked with an accurate count of the population. [MORE]( EDITORS' CHOICE [7 Tips for Securing the Software Development Environment]( Recent attacks have highlighted the need for organizations to pay closer attention to the hardware, software, and networks used in software development. [Attackers Increasingly Target Linux in the Cloud]( Linux is widely used in containerized environments, giving rise to significant attention from attackers. LATEST FROM THE EDGE [6 Client-Side Security Concerns Enterprises Should Care About]( Enterprises have to decide whether to take into account the security of end-customers' devices when building out the application experience, or even whether the application allows or denies access depending on the device. [Threat Protection: The REvil Ransomware]( What does DNS activity look like surrounding the REvil/Sodinokibi ransomware threat? Tech Resources - [Guide to Enabling a Work from Anywhere Organization]( - [Run and Transform: Micro Focus + Jaguar Racing]( - [Powering Digital Transformation]( - [The Top 10 Threats of Data Sprawl and How to Mitigate Them]( - [The Top 5 Fails of DLP]( - [Five Reasons to Protect your VPN with Multi-Factor Authentication]( - [Passwordless: The Future of Authentication]( [ACCESS TECH LIBRARY NOW]( - ["The New Normal" of Supply Chain Security]( In this webinar, experts discuss potential vulnerabilities in the new supply chain, and potential threats from online attackers. They also discuss the impact of these changes on compliance with industry and regulatory rules that govern the supply chain. You'll learn ... - [WATCH NOW>>Outsource Security Without Inviting Risk and Wasting Money]( In this webinar, experts offer advice on how to effectively use third-party service providers, how to choose a provider that fits your requirements, and how to ensure the third-party provider is meeting your security requirements. [MORE WEBINARS]( FEATURED REPORTS - [Enterprise Cybersecurity Plans in a Post-Pandemic World]( As the COVID-19 pandemic eases, IT security threats and the challenges involved in responding to them are trending upward. Security leaders expect that cyberattacks like ransomware, phishing, and malware will increase even as the pandemic eventually recedes. Download the Dark ... - [How Enterprises Are Developing Secure Applications]( [MORE REPORTS]( CURRENT ISSUE [Enterprise Cybersecurity Plans in a Post-Pandemic World]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [FusionAuth Introduces Advanced Threat Detection to Help Safeguard User Identity]( [New Data-Driven Study Reveals 40% of SaaS Data Access Is Unmanaged, Creating Significant Insider and External Threats to Global Organizations]( [Upstream Security Raises $62M in Series C Financing Round]( [Cameyo Introduces Secure Cloud Tunneling to Further Reduce the Attack Surface for Remote & Hybrid Work]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)