Threat Actors Revive 20-Year-Old Tactic | Several CVEs in Microsoft's Feb. Security Update Require Prompt Attention

"Right-to-left override" spoofing aimed at Microsoft 365 users shows how attackers improve old methods to stay ahead of defenders. [TechWeb]( Follow Dark Reading: [RSS]( February 10, 2022 LATEST SECURITY NEWS & COMMENTARY [Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks]( Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders. [Experts: Several CVEs from Microsoft's February Security Update Require Prompt Attention]( Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say. [Linux Malware on the Rise]( Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states. [Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws]( Companies are scanning more applications for vulnerabilities — and more often. [Russian APT Steps Up Malicious Cyber Activity in Ukraine]( Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region. [China-Linked Group Attacked Taiwanese Financial Firms for 18 Months]( The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations. [Log4j and the Role of SBOMs in Reducing Software Security Risk]( Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components. [Cyber Terrorism Is a Growing Threat & Governments Must Take Action]( With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere. [Want to Be an Ethical Hacker? Here's Where to Begin]( By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession. [Expert Insights: Training the Data Elephant in the AI Room]( Be aware of the risk of inadvertent data exposure in machine learning systems. [Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022]( Practical steps companies can take to defend their critical infrastructure and avoid the financial and reputational damage that could result from a breach. [Name That Edge Toon: Head of the Table]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Why Security Pros Are Frustrated With Cloud Security]( As companies shift more operations to the cloud, a shortfall in security talent and too much security data wastes more than half of the time spent on security issues, a survey finds. [The 3 Most Common Causes of Data Breaches in 2021]( Phishing, smishing, and business email compromise continue to do their dirty work. [Log4j: Getting From Stopgap Remedies to Long-Term Solutions]( This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started. [MORE]( EDITORS' CHOICE [Mac Malware-Dropping Adware Gets More Dangerous]( The authors of UpdateAgent have tweaked it yet again — for the fifth time in less than 18 months. LATEST FROM THE EDGE [7 Red Flags That Can Stop Your Company From Becoming a Unicorn]( Investors and venture capitalists share the reasons that make them turn away from investing in your security tech. LATEST FROM DR TECHNOLOGY [8 Security Dinosaurs and What Filled Their Footprints]( Security technology has to evolve as new threats emerge and defenses improve. Here is a look back at the old breeds that are dying out. Tech Resources - [Mitigate the Risk of Ransomware Attacks Against Critical Infrastructure]( - [The Case for Zero-Trust Access for the Industrial Internet of Things (IIoT)]( - [DAST to the Future]( - [Vantage Inspect Next Gen SAST]( - [Extended Detection and Response (XDR) - Beginner's Guide]( - [SANS 2021 Top New Attacks and Threat Report]( - [The Top Emerging Trends in Cryptography for 2022]( [ACCESS TECH LIBRARY NOW]( - [Strategies For Securing Your Supply Chain]( Recent attacks like the zero-day Log4j vulnerability have brought new scrutiny to cyber threats from suppliers and enterprise trading partners. But what does an effective supply-chain security strategy look like? How can you ensure that customers, suppliers, contractors, and ... - [Best Practices for Extending Identity & Access Management to the Cloud]( Managing and securing user credentials was never easy, and now that they are scattered across cloud platforms, software-as-a-service tools, mobile devices, and on-premises systems, the task has become even more complex. With adversaries increasingly targeting their attention to credential theft, ... [MORE WEBINARS]( FEATURED REPORTS - [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( - [Zero Trust in Real Life]( [MORE REPORTS]( CURRENT ISSUE [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover]( [Qualys Launches Context XDR]( [InterVision Unveils Ransomware Protection as a Service]( [DeepSurface Security Secures $4.5M for Business Expansion]( [SecurityScorecard Acquires LIFARS]( [Mandiant Bolsters SaaS Platform With Integration of New Attack Surface Management Module]( [Tenable Launches Suite of New Features to Cloud-Native Application Security Platform]( [Research From Quantum and ESG Reveals Top Challenges in Data Management]( [Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)