"Right-to-left override" spoofing aimed at Microsoft 365 users shows how attackers improve old methods to stay ahead of defenders. [TechWeb]( Follow Dark Reading:
[RSS](
February 10, 2022 LATEST SECURITY NEWS & COMMENTARY [Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks](
Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.
[Experts: Several CVEs from Microsoft's February Security Update Require Prompt Attention](
Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.
[Linux Malware on the Rise](
Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.
[Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws](
Companies are scanning more applications for vulnerabilities â and more often.
[Russian APT Steps Up Malicious Cyber Activity in Ukraine](
Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region.
[China-Linked Group Attacked Taiwanese Financial Firms for 18 Months](
The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.
[Log4j and the Role of SBOMs in Reducing Software Security Risk](
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous â vulnerabilities can be "hidden" in open source components.
[Cyber Terrorism Is a Growing Threat & Governments Must Take Action](
With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.
[Want to Be an Ethical Hacker? Here's Where to Begin](
By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.
[Expert Insights: Training the Data Elephant in the AI Room](
Be aware of the risk of inadvertent data exposure in machine learning systems.
[Hackers Went Wild in 2021 â Every Company Should Do These 5 Things in 2022](
Practical steps companies can take to defend their critical infrastructure and avoid the financial and reputational damage that could result from a breach.
[Name That Edge Toon: Head of the Table](
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Why Security Pros Are Frustrated With Cloud Security]( As companies shift more operations to the cloud, a shortfall in security talent and too much security data wastes more than half of the time spent on security issues, a survey finds.
[The 3 Most Common Causes of Data Breaches in 2021]( Phishing, smishing, and business email compromise continue to do their dirty work.
[Log4j: Getting From Stopgap Remedies to Long-Term Solutions]( This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started. [MORE]( EDITORS' CHOICE [Mac Malware-Dropping Adware Gets More Dangerous](
The authors of UpdateAgent have tweaked it yet again â for the fifth time in less than 18 months. LATEST FROM THE EDGE [7 Red Flags That Can Stop Your Company From Becoming a Unicorn](
Investors and venture capitalists share the reasons that make them turn away from investing in your security tech. LATEST FROM DR TECHNOLOGY [8 Security Dinosaurs and What Filled Their Footprints](
Security technology has to evolve as new threats emerge and defenses improve. Here is a look back at the old breeds that are dying out. Tech Resources - [Mitigate the Risk of Ransomware Attacks Against Critical Infrastructure](
- [The Case for Zero-Trust Access for the Industrial Internet of Things (IIoT)](
- [DAST to the Future](
- [Vantage Inspect Next Gen SAST](
- [Extended Detection and Response (XDR) - Beginner's Guide](
- [SANS 2021 Top New Attacks and Threat Report](
- [The Top Emerging Trends in Cryptography for 2022]( [ACCESS TECH LIBRARY NOW]( - [Strategies For Securing Your Supply Chain]( Recent attacks like the zero-day Log4j vulnerability have brought new scrutiny to cyber threats from suppliers and enterprise trading partners. But what does an effective supply-chain security strategy look like? How can you ensure that customers, suppliers, contractors, and ... - [Best Practices for Extending Identity & Access Management to the Cloud]( Managing and securing user credentials was never easy, and now that they are scattered across cloud platforms, software-as-a-service tools, mobile devices, and on-premises systems, the task has become even more complex. With adversaries increasingly targeting their attention to credential theft, ... [MORE WEBINARS]( FEATURED REPORTS - [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment](
- [Zero Trust in Real Life]( [MORE REPORTS]( CURRENT ISSUE
[How Enterprises Are Assessing Cybersecurity Risk in Today's Environment](
[DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW](
[BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover]( [Qualys Launches Context XDR]( [InterVision Unveils Ransomware Protection as a Service]( [DeepSurface Security Secures $4.5M for Business Expansion]( [SecurityScorecard Acquires LIFARS]( [Mandiant Bolsters SaaS Platform With Integration of New Attack Surface Management Module]( [Tenable Launches Suite of New Features to Cloud-Native Application Security Platform]( [Research From Quantum and ESG Reveals Top Challenges in Data Management]( [Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)](
[MORE PRODUCTS & RELEASES]( Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To update your profile, change your e-mail address, or unsubscribe, [click here.](
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)