Microsoft 365 Users in US Face Raging Spate of Attacks

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes. [TechWeb]( Follow Dark Reading: [RSS]( June 23, 2022 LATEST SECURITY NEWS & COMMENTARY [Microsoft 365 Users in US Face Raging Spate of Attacks]( A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes. [MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security]( The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page. [Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign]( Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine. [80% of Firms Suffered Identity-Related Breaches in Last 12 Months]( With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority. [GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar]( We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures. [Getting a Better Handle on Identity Management in the Cloud]( Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud. [Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts]( Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [56 Vulnerabilities Discovered in OT Products From 10 Different Vendors]( Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness. [Name That Toon: Cuter Than a June Bug]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Why Financial Institutions Must Double Down on Open Source Investments]( Open source is here to stay, and it's imperative that CIOs have a mature, open source engagement strategy, across consumption, contribution, and funding as a pillar of digital transformation. [MORE]( EDITORS' CHOICE [7 Ways to Avoid Worst-Case Cyber Scenarios]( In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data. LATEST FROM THE EDGE [Organizations Battling Phishing Malware, Viruses the Most]( Organizations may not encounter malware targeting cloud systems or networking equipment frequently, but the array of malware they encounter just occasionally are no less disruptive or damaging. That is where the focus needs to be. LATEST FROM DR TECHNOLOGY [Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code]( Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage. WEBINARS - [Building and Maintaining an Effective Remote Access Strategy]( The COVID-19 pandemic transformed enterprises into remote workplaces overnight, forcing IT organizations to revamp their computing and networking strategies on the fly. Some of the changes were intended to be temporary, and some rules were adopted without thinking through all ... - [How Ransomware Works - And What You Can Do to Stop It]( From Darkside, to Lockbit, to Conti, ransomware gangs pulled off many headline-making attacks in the last year and they have evolved their techniques to become more stealthy and sophisticated when targeting organizations. In this webinar, experts walk you through the ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Five Best Practices for AWS Security Monitoring]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Many Facets of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Optimizing Endpoint Protection]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops]( [Zscaler Launches Posture Control Solution]( [Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [What Every Enterprise Should Know About Security Product Testing]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)