March 31, 2022

LATEST SECURITY NEWS & COMMENTARY

[Zero-Day Vulnerability Discovered in Java Spring Framework](
A proof-of-concept exploit allows remote compromises of Spring Web applications.
[Nation-State Hackers Ramp Up Ukraine War-Themed Attacks](
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.
[Log4j Attacks Continue Unabated Against VMware Horizon Servers](
Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says.
[Indictment of Russian National Offers Glimpse Into Methodical Targeting of Energy Firm](
Evgeny Viktorovich Gladkikh tried to cause catastrophic damage to a Saudi oil refinery in 2017 via the Triton/Trisis malware, the US has alleged.
[Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms](
Four Russian government employees were charged by the DoJ for attack campaigns targeting hundreds of energy sector companies and organizations in 135 countries, including the US.
[Biden Requests Nearly $11B for Federal Cybersecurity Spending](
The administration's 2023 IT budget for civilian agencies includes $500 million more for CISA.
[Zero-Day Surge Led to More Rapid Exploitation of Bugs in 2021](
New vulnerability study shows how "attacker economies of scale" have shaped the risk landscape.
[HR Alone Can't Solve the Great Resignation](
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.
[Vodafone Portugal: The Attack on Brand Reputations and Public Confidence Through Cybercrime](
Companies must prepare effective, data-driven threat-response strategies as they monitor for reputational risks as well as cyberattacks.
[How Security Complexity Is Being Weaponized](
As environments grow noisier, it becomes easier for attackers to intentionally create distractions.
[What the Conti Ransomware Group Data Leak Tells Us](
Knowing the inner workings of Conti will not only help ransomware negotiators but also help organizations to better handle a ransomware attack when it happens.

HOT TOPICS

[Exploring the Intersection of Physical Security and Cybersecurity](
Residential, commercial, and public buildings are getting smarter; fitting them with a network of connected systems allows buildings to regulate their environment, save energy, and be more secure.
[Cybercriminals Fighting Over Cloud Workloads for Cryptomining](
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.
[Security's Life Cycle Isn't the Developers' Life Cycle](
Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic nor feasible.

EDITORS' CHOICE

[Pandemic Leaves Firms Scrambling for Cybersecurity Specialists](
Companies have trouble retaining workers, with almost two-thirds of businesses reporting unfilled positions and massive unmet demand for technical cybersecurity professionals, study shows.

LATEST FROM THE EDGE

[Could Gaming Close the Cyberskills Gap?](
The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.

LATEST FROM DR TECHNOLOGY

[Understanding Private 5G LANs in the Enterprise](
As the technology matures and costs begin to drop, 5G LAN looks more like a realistic replacement for corporate Wi-Fi networks.

Tech Resources

- [Improving Operations with AI-Assisted Cybersecurity](
- [Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity](
- [Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage](
- [Business Buyers Guide to Password Managers](
- [4 Ways XDR Levels Up Security Programs](
- [2021 Gartner Market Guide for Managed Detection and Response Report](
- [TIM Whitepaper](

- [Protecting Industrial Control Systems from Modern Threats](
  A 2021 attack on an industrial control system (ICS) at a water treatment plant in a small town in Florida raised eyebrows and surfaced new fears about the risks these kinds of systems face. Unfortunately, many ICS systems are working on ...
- [Rethinking Asset Management to Improve Enterprise Security](
  One common reason behind many enterprise security breaches is that attackers found a system, application, or device that security teams didn't know they had. Attackers can tamper with these unknown systems to make them look legitimate, and security defenders may ...

[MORE WEBINARS](

FEATURED REPORTS

- [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World](
  Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ...
- [How Data Breaches Affect the Enterprise](
  Many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download this report to delve more into this timely topic.

CURRENT ISSUE

[Rethinking Endpoint Security in a Pandemic and Beyond](

PRODUCTS & RELEASES

[Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk](
[CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender](
[Cyera Launches From Stealth With $60M to Identify, Secure, and Remediate Cloud Data Security Risks](
[WiCyS Members Now Have Access to Cyber Defense Challenge Through Target](
[Darktrace AI Stops Cyberattack Exploiting Log4j Vulnerability at Global Financial Services Provider](
[Red Canary's Annual Threat Detection Report Reveals Top Threats and Techniques Targeting Most Organizations](

Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA