Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw

Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says. [TechWeb]( Follow Dark Reading: [RSS]( April 26, 2022 LATEST SECURITY NEWS & COMMENTARY [Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw]( Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says. [Ukraine Invasion Driving DDoS Attacks to All-Time Highs]( Unprecedented numbers of DDoS attacks since February are the result of hacktivists' cyberwar against Russian state interests, researchers say. [North Korean State Actors Deploying Novel Malware to Spy on Journalists]( Spear-phishing campaign loaded with new "Goldbackdoor" malware targeted journalists with NK News, analysts found. [Overlapping ICS/OT Mandates Distract From Threat Detection and Response]( It's time for regulators of critical infrastructure — including industrial control systems and operational technology — to focus more on operational resiliency. [(Sponsored Article) The Modern Software Supply Chain: How It's Evolved and What to Prepare For]( Supply chain security attacks have been becoming increasingly common and more sophisticated. Find out how to remain secure throughout the software supply chain. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [6 Malware Tools Designed to Disrupt Industrial Control Systems (ICS)]( Stuxnet was the first known malware built to attack operational technology environment. Since then, there have been several others. [Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities]( Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says. [3 Ways We Can Improve Cybersecurity]( To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets. [MORE]( EDITORS' CHOICE [Early Discovery of Pipedream Malware a Success Story for Industrial Security]( Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising. LATEST FROM THE EDGE [When Security Meets Development: The DevSecOps Conundrum]( The DevSecOps journey is well worth undertaking because it can improve communication, speed up development, and ensure quality products. LATEST FROM DR TECHNOLOGY [What the ECDSA Flaw in Java Means for Enterprises]( This Tech Tip reminds developers and security teams to check what version of Java they are running. Whether they are vulnerable to the ECDSA flaw boils down to the version number. Tech Resources - [Improving Operations with AI-Assisted Cybersecurity]( - [Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity]( - [Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage]( - [Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums]( - [Supply Chain Cyber Risk Management Whitepaper]( - [Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper]( - [Managing Cyber Risk Across the Extended Vendor Ecosystem Report]( [ACCESS TECH LIBRARY NOW]( - [Building Security Into the Application Development Lifecycle]( Trying to fix security issues in software just before it goes into production or after it is released is difficult, time-consuming, and expensive. But how do you shift security left - to bring security earlier into the software development lifecycle? ... - [Incorporating a Prevention Mindset into Threat Detection and Response]( Cybercriminals are becoming more sophisticated and their attacks are increasingly difficult to detect. While threat detection and response is a critical component of enterprise security defense, activities geared towards prevention could save security teams a lot of time and resources ... [MORE WEBINARS]( FEATURED REPORTS - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... - [Zero Trust in Real Life]( [MORE REPORTS]( CURRENT ISSUE [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Trend Micro Launches New Security Platform]( [Mastercard Launches Next-Generation Identity Technology with Microsoft]( [Neustar Security Services’ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)