Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation

[TechWeb]( Follow Dark Reading: [RSS]( September 29, 2021 LATEST SECURITY NEWS & COMMENTARY [Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation]( FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation. [75K Email Inboxes Hit in New Credential Phishing Campaign]( Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says. [Most Large Enterprises Fail to Protect Their Domain Names]( Of the largest 2,000 companies in the world, 81% fail to take simple security measures, such as locking their domain with the registrar, leaving them open to domain shenanigans. [Modern Security Breaches Demand Diligent Planning and Executive Support]( Teams that remain reactive will always be on the back foot — take an active stance. [Washington's New Cyber Focus Raises the Bar for IT Pros Across Supply Chains]( Rather than fight against tighter security regulations, MSPs and IT pros should step up to lead conversations about the future of their industry. [NSA, CISA Issue Guidelines for Selecting and Securing VPNs]( Joint document includes configuration recommendations for hardening VPNs, and recommendations on how to select the most secure ones. [US Extradites CardPlanet Operator Back to Russia]( Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [6 Lessons From Major Data Breaches This Year]( Though many incidents stemmed from familiar security failures, they served up — or resurfaced — some important takeaways. [Primer: Microsoft Active Directory Security for AD Admins]( Nearly all AD environments are vulnerable to identity attack paths -- a powerful, widespread, and difficult-to-detect attack technique. But we didn't say impossible. Here's how admins can stop them. [10 Ways to Avoid Zero-Trust Failure]( Here are the prerequisites to have in order before getting past the zero-trust gate. [MORE]( EDITORS' CHOICE [CISA: Wide Exploitation of New VMware vCenter Server Flaw Likely]( Attackers can use the vulnerability to remotely execute arbitrary code. [How to Get Started With Zero Trust in a SaaS Environment]( Given current business conditions and the prevalence of SaaS technologies, now is the time to take steps toward zero trust. LATEST FROM THE EDGE [7 Ways to Thwart Malicious Insiders]( Malicious insider incidents may be less frequent than inadvertent user missteps, but they can cost organizations big time. Tech Resources - [The State of Cloud]( - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Digital Transformation and Data Security]( - [The Transition to Empowered Enterprise Authentication]( - [SUNBURST: Mapping Malicious Activity Using Farsight Historical Passive DNS]( - [Run and Transform]( - [How Securing the Data Lifecycle Can Transform Your Data Protection Program]( [ACCESS TECH LIBRARY NOW]( - [Defense Strategies to Combat Sophisticated Ransomware and Multi-Vector Attacks]( To defend themselves effectively, companies need to detect ransomware attacks early, gather the intelligence to understand the attack and prevent attacks from occurring in the future. In this webinar, Shailesh Athalye, EVP Product Management will discuss ransomware trends, defensive maneuvers ... - [Ten Hot Talks from Black Hat 2021]( The annual Black Hat USA 2021 in Las Vegas featured a full slate of cybersecurity researchers presenting. They offered up discoveries about new critical security vulnerabilities, new threats, and new security tools that enterprise defenders need to know about as they ... [MORE WEBINARS]( FEATURED REPORTS - [Enterprise Cybersecurity Plans in a Post-Pandemic World]( As the COVID-19 pandemic eases, IT security threats and the challenges involved in responding to them are trending upward. Security leaders expect that cyberattacks like ransomware, phishing, and malware will increase even as the pandemic eventually recedes. Download the Dark ... - [The State of Malware Threats]( [MORE REPORTS]( CURRENT ISSUE [Enterprise Cybersecurity Plans in a Post-Pandemic World]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Master Lock Introduces New Bluetooth ProSeries Padlocks]( [BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms]( [Zero Trust Comes to Industry's Broadest Cybersecurity Platform]( [Telos, Splunk, stackArmor, AWS Announce FASTTR Initiative to Accelerate Compliance]( [Aunalytics Unveils Secure Managed Services with Integrated Security]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)