Critical VMware Bug Exploits Continue, as Botnet Operators Jump In | How to Turn a Coke Can Into an Eavesdropping Device

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell. [TechWeb]( Follow Dark Reading: [RSS]( May 19, 2022 LATEST SECURITY NEWS & COMMENTARY [Critical VMware Bug Exploits Continue, as Botnet Operators Jump In]( A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell. [Phishing Attacks for Initial Access Surged 54% in Q1]( For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows. [MITRE Creates Framework for Supply Chain Security]( System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers. [Google Cloud Aims to Share Its Vetted Open Source Ecosystem]( The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription. [Open Source Security Gets $30M Boost From Industry Heavy Hitters]( Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security. [Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning]( A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars. [US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional]( In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy. [Name That Toon: Knives Out]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [How Mobile Networks Have Become a Front in the Battle for Ukraine]( Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience. [Needs Improvement: Scoring Biden's Cyber Executive Order]( One year after it was issued, has President Biden's Cyber Executive Order had an impact? [Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future]( A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services. [How Threat Actors Are a Click Away From Becoming Quasi-APTs]( As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare. [US Agrees to International Electronic Cybercrime Evidence Swap]( The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals. [iPhones Open to Attack Even When Off, Researchers Say]( Wireless chips that run when the iPhone iOS is shut down can be exploited. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [5 Years That Altered the Ransomware Landscape]( WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat. [Mastering the New CISO Playbook]( How can you safeguard your organization amid global conflict and uncertainty? [How to Create a Cybersecurity Mentorship Program]( As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams. [MORE]( EDITORS' CHOICE [How to Turn a Coke Can Into an Eavesdropping Device]( Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby. LATEST FROM THE EDGE [Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes]( The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography. LATEST FROM DR TECHNOLOGY [Enhancing DLP With Natural Language Understanding for Better Email Security]( Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU. Tech Resources - [Five Cardinal Sins of Data Security and Privacy]( - [What is a data vault? Why do you need it?]( - [Protecting Endpoint to Work from Anywhere]( - [Securely Work From Anywhere With the Fortinet Security Fabric]( - [Best Practices for Application Security in the Cloud]( - [The Top 10 API Vulnerabilities]( - [BotGuard for Streaming Service Case Study]( [ACCESS TECH LIBRARY NOW]( - [Harnessing the Power of Security Automation]( With many organizations pinched for both dollars and manpower, security and IT teams are turning to a new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. How can companies truly unleash the potential ... - [Building an Effective Active Directory Security Strategy]( For cyber criminals, Microsoft's Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts ... [MORE WEBINARS]( FEATURED REPORTS - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. - [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns. [MORE REPORTS]( CURRENT ISSUE [Incorporating a Prevention Mindset into Threat Detection and Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments]( [(ISC)² Unveils 100K in the UK Scheme to Expand the UK Cybersecurity Workforce with 100,000 Free Entry-Level Certification Exams and Education Opportunities]( [Rubrik Launches Rubrik Security Cloud to Secure Data, Wherever it Lives, Across Enterprise, Cloud, and SaaS]( [Barracuda Expands Cloud-Native SASE Platform to Protect Hybrid Cloud Deployments]( [Qualys Adds Custom Assessment and Remediation to Its Cloud Platform]( [Ericom’s New ZTEdge Web Application Isolation Addresses Security Concerns Associated With Third-Party Contractor Application Access]( [Bitdefender Launches Identity Theft Protection Service for U.S. Consumers]( [TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft]( [YouMail Launches YouMail Protective Services for Carriers and Enterprises]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)