Critical Bugs Threaten to Crack Atlassian Confluence Workspaces Wide Open

A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content. [TechWeb]( Follow Dark Reading: [RSS]( July 25, 2022 LATEST SECURITY NEWS & COMMENTARY [Critical Bugs Threaten to Crack Atlassian Confluence Workspaces Wide Open]( A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content. [ICYMI: Neopets & the Gaming Problem; SolarWinds Hackers Are Back; Google Ads Abused]( Dark Reading's weekly roundup of all the OTHER important stories of the week. [Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments]( Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology. [Phishing Bonanza: Social-Engineering Savvy Skyrockets as Malicious Actors Cash In]( The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates. [Google Chrome Zero-Day Weaponized to Spy on Journalists]( Candiru attackers breached a news agency employee website to target journalists with DevilsTongue spyware, researchers say. [What Firewalls Can — and Can't — Accomplish]( Understanding the limitations of firewalls is important to protecting the organization from evolving threats. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [The Market Is Teeming: Bargains on Dark Web Give Novice Cybercriminals a Quick Start]( A study of the unregulated dark markets shows that the vast majority of malware, exploits, and attacker tools sell for less than $10, giving would-be criminals a fast entry point. [The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next]( Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments. [Name That Toon: Modern-Day Fable]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE]( EDITORS' CHOICE [Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene]( The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities. LATEST FROM THE EDGE [Understanding Proposed SEC Rules Through an ESG Lens]( Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe. LATEST FROM DR TECHNOLOGY [Unlocking the Cybersecurity Benefits of Digital Twins]( Security pros can employ the technology to evaluate vulnerabilities and system capabilities, but they need to watch for the potential risks. WEBINARS - [Building and Maintaining an Effective Remote Access Strategy]( The COVID-19 pandemic transformed enterprises into remote workplaces overnight, forcing IT organizations to revamp their computing and networking strategies on the fly. Some of the changes were intended to be temporary, and some rules were adopted without thinking through all ... - [Building and Maintaining Security at the Network Edge]( Advances in networking and new technologies have expanded the possibilities of deploying applications at the network edge. These edge devices bring with them their own security management challenges and risks. How do you scale your security to manage the sheer ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Five Best Practices for AWS Security Monitoring]( - [Sumo Logic for Continuous Intelligence]( - [Optimizing Endpoint Protection]( [View More White Papers >>]( FEATURED REPORTS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution]( [Enso Security Leads Industry Mission to Bring Control to Chaos With Community-Driven AppSec Map]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)