Microsoft 365 Users in US Face Raging Spate of Attacks | 7 Ways to Avoid Worst-Case Cyber Scenarios

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes. [TechWeb]( Follow Dark Reading: [RSS]( June 23, 2022 LATEST SECURITY NEWS & COMMENTARY [Microsoft 365 Users in US Face Raging Spate of Attacks]( A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes. [MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security]( The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page. [56 Vulnerabilities Discovered in OT Products From 10 Different Vendors]( Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness. [Capital One Attacker Exploited Misconfigured AWS Databases]( After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty. [Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware]( Most of the attacks involve the use of automated exploits, security vendor says. [Internet Explorer Now Retired but Still an Attacker Target]( Though the once-popular browser is officially now history as far as Microsoft support goes, adversaries won't stop attacking it, security experts say. [Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign]( Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine. [GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar]( We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures. [The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive]( Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box. [Getting a Better Handle on Identity Management in the Cloud]( Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud. [Name That Toon: Cuter Than a June Bug]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure]( A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought. [Can We Make a Global Agreement to Halt Attacks on Our Energy Infrastructure?]( The energy sector remains susceptible to both espionage between nation-states and cybercrime, and recent developments keep pointing toward more attacks. [MORE]( EDITORS' CHOICE [7 Ways to Avoid Worst-Case Cyber Scenarios]( In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data. LATEST FROM THE EDGE [Evolving Beyond the Password: It's Time to Up the Ante]( While there's an immediate need to improve MFA adoption, it's also critical to move to more advanced and secure passwordless frameworks, including biometrics. (Part 1 of 2) LATEST FROM DR TECHNOLOGY [Evolving Beyond the Password: Vanquishing the Password]( Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2) WEBINARS - [Building and Maintaining Security at the Network Edge]( Advances in networking and new technologies have expanded the possibilities of deploying applications at the network edge. These edge devices bring with them their own security management challenges and risks. How do you scale your security to manage the sheer ... - [Outsourcing Cybersecurity: A Decision Maker's Guide]( When it comes to cybersecurity, very few enterprises have all the skills and resources they need on staff. On today's market, your enterprise can outsource a wide variety of cyber tasks, from penetration testing to security monitoring to incident response. ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Five Best Practices for AWS Security Monitoring]( - [Sumo Logic for Continuous Intelligence]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Many Facets of Modern Application Development]( - [Optimizing Endpoint Protection]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Synopsys Completes Acquisition of WhiteHat Security]( [Aqua Security Collaborates With Center for Internet Security to Create Guide for Software Supply Chain Security]( [Zscaler and AWS Expand Relationship]( [Neustar Security Services Launches Public UltraDNS Health Check Site]( [Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops]( [Linux Foundation Announces Open Programmable Infrastructure Project to Drive Open Standards for New Class of Cloud Native Infrastructure]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [What Every Enterprise Should Know About Security Product Testing]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)