June 09, 2022
LATEST SECURITY NEWS & COMMENTARY
[Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover](
A remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.
[An Emerging Threat: Attacking 5G Via Network Slices](
A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.
[Black Basta Ransomware Targets ESXi Servers in Active Campaign](
The new ransomware strain Black Basta is now actively targeting VMware ESXi servers in an ongoing campaign, encrypting files inside a targeted volumes folder.
[Mandia: Keep 'Shields Up' to Survive the Current Escalation of Cyberattacks](
As Mandiant CEO Kevin Mandia's company prepares to become part of Google, the incident response company continues to investigate many of the most critical cyber incidents.
[Cybersecurity M&A Activity Shows No Signs of Slowdown](
But valuations have dropped, and investors are paying closer attention to revenues and profitability, industry analysts say.
[US Sanctions Force Evil Corp to Change Tactics](
The threat actor behind the notorious Dridex campaign has switched from using its exclusive credential-harvesting malware to a ransomware-as-a-service model, to make attribution harder.
[RSAC Opens With Message of Transformation](
Cybersecurity needs to shift its thinking ahead of the next disruption, RSA's CEO said during the opening 2022 conference keynote.
[Communication Is Key to CISO Success](
A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.
[Are You Ready for a Breach in Your Organization's Slack Workspace?](
A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.
[Fighting Follina: Application Vulnerabilities and Detection Possibilities](
Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.
[Enterprise Security Around the Dinner Table](
Enterprise cybersecurity awareness training has evolved to include informal lessons for employees' family members, and it has many benefits.
[Building America's Cybersecurity Infrastructure](
The government is putting the right skills and expertise in place to fight the rising cyber threat.
HOT TOPICS
[Why Network Object Management Is Critical for Managing Multicloud Network Security](
If you want your IT and security administrators to get buried in trivial workloads and productivity bottlenecks, having poor network object management is a great way to accomplish that.
[How Do We Secure Our Cities From Attack?](
Physical access matters in keeping people and buildings safe. Points to consider when establishing a physical security protocol are ways to lock down an area to keep people safe, approaches to communicate clear safety directions, and access control.
[7 NFT Scams That Could Be Targeting Your Brand](
Brands should be vigilant to ensure sites and listings promoting NFTs for sale are legitimate and not being used as an instrument by fraudsters to swindle customers.
EDITORS' CHOICE
[Multilevel Extortion: DeadBolt Ransomware Targets Internet-Facing NAS Devices](
The innovative ransomware targets NAS devices, has a multitiered payment and extortion scheme as well as a flexible configuration, and takes a heavily automated approach.
LATEST FROM THE EDGE
[10 No-BS Tips for Building a Diverse and Dynamic Security Team](
Advice from women and nonbinary security leaders on creating well-rounded security teams, stronger CISO leadership, and a more resilient industry.
LATEST FROM DR TECHNOLOGY
[Talon Grasps Victory at a Jubilant RSAC Innovation Sandbox](
Spirits were high at the return of the in-person contest, which kicked off by bringing last year's virtual event winner on stage.
Tech Resources
- [Eight Best Practices for a Data-Driven Approach to Cloud Migration](
- [Sumo Logic for Continuous Intelligence](
- [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal](
- [Five Cardinal Sins of Data Security and Privacy](
- [Protecting Endpoint to Work from Anywhere](
- [Best Practices for Application Security in the Cloud](
- [AppSec Considerations For Modern Application Development](
[ACCESS TECH LIBRARY NOW](
- [Outsourcing Cybersecurity: A Decision Maker's Guide]( When it comes to cybersecurity, very few enterprises have all the skills and resources they need on staff. On today's market, your enterprise can outsource a wide variety of cyber tasks, from penetration testing to security monitoring to incident response. ...
- [Implementing Zero Trust in Your Enterprise]( Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ...
[MORE WEBINARS](
FEATURED REPORTS
- [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy:
  - increase visibility over the environment
  - learning cloud-specific skills
  - relying on established security frameworks
  - re-architecting the network
- [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expanding the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers? How will they manage identities across multiple ...
CURRENT ISSUE
[Improving Enterprise Cybersecurity With XDR](
PRODUCTS & RELEASES
[Cybersecurity Industry Leaders Launch Campaign to Close the Cybersecurity Talent Gap](
[CISA Challenges Partners and Public to Push for 'More Than a Password' in New Social Media Campaign](
[CyberRatings.org Announces Test on Cloud Network Firewall](
[Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach](
[Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery](
[Forescout Announces Intent to Acquire Cysiv to Deliver Data-Powered Threat Detection and Response](
[BigID Introduces Cloud Data Security On Demand](
[Fortinet Unveils New Digital Risk Protection Offering](
[Bugcrowd Expands Pen Testing Solutions with New Platform Services](
Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA