5 Years That Altered the Ransomware Landscape | Top 6 Security Threats Targeting Remote Workers

WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat. [TechWeb]( Follow Dark Reading: [RSS]( May 12, 2022 LATEST SECURITY NEWS & COMMENTARY [5 Years That Altered the Ransomware Landscape]( WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat. [What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers]( Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn. [Vanity URLs Could Be Spoofed for Social Engineering Attacks]( Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns. [Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers]( IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns. [On the Air With Dark Reading News Desk at Black Hat Asia 2022]( This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews. [Known macOS Vulnerabilities Led Researcher to Root Out New Flaws]( Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition. [Scammer Infects His Own Machine With Spyware, Reveals True Identity]( An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla. [NFTs Emerge as the Next Enterprise Attack Vector]( Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say. [Critical Cisco VM-Escape Bug Threatens Host Takeover]( The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information. [Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks]( Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware. [Mastering the New CISO Playbook]( How can you safeguard your organization amid global conflict and uncertainty? [Breaking Down the Strengthening American Cybersecurity Act]( New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets. [The Danger of Online Data Brokers]( Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so. [Colonial Pipeline 1 Year Later: What Has Yet to Change?]( The incident was a devastating attack, but it exposed gaps in cybersecurity postures that otherwise would have gone unnoticed. [Microsoft Simplifies Security Patching Process for Exchange Server]( Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said. [Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks]( Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group. [Ikea Canada Breach Exposes 95K Customer Records]( An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Security Stuff Happens: Where Do You Go From Here?]( Despite what it may feel like when you're in the trenches after a security incident, the world doesn't stop moving. (Part 3 of a series.) [Why Security Matters Even More in Online Gaming]( As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year. [A Third of Americans Use Easy-to-Guess Pet Passwords]( Far too many turn to Jingles, Mittens, or Bella for password inspiration, given that these are some of the easiest passwords to crack. [MORE]( EDITORS' CHOICE [Top 6 Security Threats Targeting Remote Workers]( Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are. LATEST FROM THE EDGE [Passwords: Do Actions Speak Louder Than Words?]( For most of us, passwords are the most visible security control we deal with on a regular basis, but we are not very good at it. LATEST FROM DR TECHNOLOGY [Google Will Use Mobile Devices to Thwart Phishing Attacks]( In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys. Tech Resources - [Maximize the Human Potential of Your SOC]( - [Modernize your Security Operations with Human-Machine Intelligence]( - [AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks]( - [The Cyber Threat Impact of COVID-19 to Global Business]( - [2021 Banking and Financial Services Industry Cyber Threat Landscape Report]( - [The Top Emerging Trends in Cryptography for 2022]( - [Avoid Unplanned Downtime From Ransomware]( [ACCESS TECH LIBRARY NOW]( - [Implementing Zero Trust in Your Enterprise]( Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ... - [Building an Effective Active Directory Security Strategy]( For cyber criminals, Microsoft's Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts ... [MORE WEBINARS]( FEATURED REPORTS - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. [MORE REPORTS]( CURRENT ISSUE [Incorporating a Prevention Mindset into Threat Detection and Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier]( [Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler]( [Man Sentenced for Stealing from PayPal Accounts in Wire Fraud Scheme]( [Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)]( [Quantum Ransomware Strikes Quickly, How to Prepare and Recover]( [SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies]( [AT&T Expands Access to Advanced Secure Edge and Remote Workforce Capabilities]( [Deloitte Launches Expanded Cloud Security Management Platform]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)