'PerSwaysion' Phishing Campaign Still Ongoing, and Pervasive

[TechWeb]( Follow Dark Reading: [RSS]( November 19, 2021 LATEST SECURITY NEWS & COMMENTARY ['PerSwaysion' Phishing Campaign Still Ongoing, and Pervasive]( Research shows that multiple attack groups have been using the Microsoft file-sharing service - leveraging phishing kit for much longer than previously thought. [Microsoft Exchange Server Flaws Now Exploited for BEC Attacks]( Attackers also are deploying ProxyShell and abusing the vulnerabilities in stealthier manner, researchers say. [North Korean Hacking Group Targets Diplomats, Forgoes Malware]( The TA406 group uses credential harvesting to target diplomats and policy experts in the United States, Russia, China, and South Korea, rarely resorting to malware. [Swarm Intelligence May Be Just the Ticket for Improved Network & Device Security]( Based on the reaction of a single insect in a swarm, messages are passed along peer to peer, and an entire environment can respond without a central leader processing data and giving orders. [California Pizza Kitchen Suffers Data Breach]( Personal data, including Social Security numbers, of more than 100K employees exposed. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How to Negotiate With Ransomware Attackers]( Security researchers investigate the ransom negotiation process to create strategies businesses can use if they face an attack. [Open Source Project Aims to Detect Living-Off-the-Land Attacks]( The machine learning classifier from Adobe can determine whether system commands are malicious and classify them using a variety of tags useful for security analysts. [How to Navigate the Mitigation of Deepfakes]( Deepfakes are already several steps ahead of the technology that can detect and warn us about them. [MORE]( EDITORS' CHOICE [Is XDR Overhyped?]( Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category. LATEST FROM THE EDGE [Addressing the Low-Code Security Elephant in the Room]( The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications. LATEST FROM DR TECHNOLOGY [Search CT Logs for Misconfigured SSL Certificates]( Security defenders can run these queries against Certificate Transparency logs to identify misconfigured SSL certificates before they can be used by adversaries to map out attacks. Tech Resources - [2021 Ransomware Threat Report]( - [2021 Cyberthreat Defense Report]( - [How to Plan for Endpoint Security Against Ever-evolving Cyberthreats]( - [Architects Guide to Zero Trust Network Access]( - [Simple Solutions for Continuous Visibility to Active Directory Exposures & Live Attacks]( - [Identity Detection & Response (IDR) as a Solution for Identity-Based Attacks]( - [Understanding the Most Common Lateral Movement Attack Tactics]( [ACCESS TECH LIBRARY NOW]( - [Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain?]( Does the year ahead hold significant promise for IT and Security teams, or does the upheaval caused by COVID-19 and the spike in cyberattacks continue well into 2022? As threat actors continue to evolve, what should security teams look out for ... - [Protecting Enterprise Data from Malicious Insiders]( It's a sad truth: not all employees are nice. Corporate espionage, sabotage and other security incidents could be committed or aided by any insider with something to gain. How do you know when a once-trustworthy employee is about to do ... [MORE WEBINARS]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2021]( - [The State of Malware Threats]( [MORE REPORTS]( CURRENT ISSUE [How Data Breaches Affect the Enterprise]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 US Presidential Election]( [Artificial Intelligence and Machine Learning, Cloud Computing, and 5G Will Be the Most Important Technologies in 2022, Says New IEEE Study]( [GBG Announces It Has Agreed to Acquire Acuant]( [CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)