Critical Bugs Threaten to Crack Atlassian Confluence Workspaces Wide Open | 8 Hot Summer Fiction Reads for Security Pros

Call it a "cyber tax": Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services. [TechWeb]( Follow Dark Reading: [RSS]( July 28, 2022 LATEST SECURITY NEWS & COMMENTARY [Critical Bugs Threaten to Crack Atlassian Confluence Workspaces Wide Open]( A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content. [Average Data Breach Costs Soar to $4.4M in 2022]( Call it a "cyber tax": Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services. [Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit]( The firmware threat offers ultimate stealth and persistence — and may be distributed via tainted firmware components in a supply chain play, researchers theorize. [Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments]( Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology. [Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene]( The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities. [Discord, Telegram Services Hijacked to Launch Array of Cyberattacks]( Attackers are easily turning popular messaging apps and their associated services — like bots, cloud infrastructure, and CDNs — against users, researchers warn. [LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top]( Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter. [Phishing Bonanza: Social-Engineering Savvy Skyrockets as Malicious Actors Cash In]( The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates. [Ducktail Spear-Phishing Campaign Uses LinkedIn to Hijack Facebook Business Accounts]( Ducktail targets marketing and HR professionals through LinkedIn to hijack Facebook accounts and run malvertising schemes. [The Beautiful Lies of Machine Learning in Security]( Machine learning should be considered an extension of — not a replacement for — existing security methods, systems, and teams. [The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next]( Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments. [What Firewalls Can — and Can't — Accomplish]( Understanding the limitations of firewalls is important to protecting the organization from evolving threats. [T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People]( After leaking 80 million US customer data records in a cyberattack last summer, T-Mobile offers to settle a wide-ranging class action suit for just $350 million. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [ICYMI: Neopets & the Gaming Problem; SolarWinds Hackers Are Back; Google Ads Abused]( Dark Reading's weekly roundup of all the OTHER important stories of the week. [The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications]( IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states. [What InfoSec Pros Can Teach the Organization About ESG]( Security pros' experience with transparency and evaluating third-party partners positions them to act as key environmental, social, and governance advisers. [MORE]( EDITORS' CHOICE [8 Hot Summer Fiction Reads for Cybersecurity Pros]( A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts. LATEST FROM THE EDGE [Equitable Digital Identity Verification Requires Moving Past Flawed Legacy Systems]( Data science can be used to improve access to government assistance while reducing fraud. LATEST FROM DR TECHNOLOGY [AI Can Help Fintechs Fight Fraud-as-a-Service]( Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction. WEBINARS - [Assessing Cyber Risk]( Top executives often ask, "how safe are we from a cyber breach?" But it can be difficult to quantitatively measure cyber risk, and even harder to assess your organization's attack surface. In this webinar, you'll learn how to evaluate your ... - [Building and Maintaining Security at the Network Edge]( Advances in networking and new technologies have expanded the possibilities of deploying applications at the network edge. These edge devices bring with them their own security management challenges and risks. How do you scale your security to manage the sheer ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [6 Elements of a Solid IoT Security Strategy]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Many Risks of Modern Application Development]( - [The Many Facets of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Optimizing Endpoint Protection]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC]( [No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices]( [Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics]( [Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media]( [Siemens Energy Takes Next Step to Protect Critical Infrastructure]( [Aqua Launches Out-of-the-Box Runtime Security with Advanced Protection against the Most Sophisticated Threats]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)