APT-Like Phishing Threat Mirrors Landing Pages

By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels. [TechWeb]( Follow Dark Reading: [RSS]( July 29, 2022 LATEST SECURITY NEWS & COMMENTARY [APT-Like Phishing Threat Mirrors Landing Pages]( By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels. [1,000s of Phishing Attacks Blast Off From InterPlanetary File System]( The peer-to-peer network IPFS offers an ingenious base for cyberattacks and is seeing a stratospheric increase in malicious hosting. [In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement]( With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections. [Patch Now: Atlassian Confluence Bug Under Active Exploit]( Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data. [What Women Should Know Before Joining the Cybersecurity Industry]( Three observations about our industry that might help demystify security for women entrants. [What the White House's Cybersecurity Workforce Plan Should Look Like]( By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Average Data Breach Costs Soar to $4.4M in 2022]( Call it a "cyber tax": Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services. [Name That Toon: Modern-Day Fable]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit]( The firmware threat offers ultimate stealth and persistence — and may be distributed via tainted firmware components in a supply chain play, researchers theorize. [MORE]( EDITORS' CHOICE [8 Hot Summer Fiction Reads for Cybersecurity Pros]( A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts. LATEST FROM THE EDGE [Understanding Proposed SEC Rules Through an ESG Lens]( Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe. LATEST FROM DR TECHNOLOGY [The Next Generation of Threat Detection Will Require Both Human and Machine Expertise]( To be truly effective, threat detection and response need to combine the strengths of people and technology. WEBINARS - [Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them]( Advancements in artificial intelligence technology and machine learning and deep learning algorithms promise to transform enterprise security by giving IT security teams tools to detect and respond to attacks faster than before. Before security teams can use these tools, they ... - [Ransomware Resilience and Response: The Next Generation]( When ransomware locks up your business's critical data and essential gear, there is no time to figure out what to do. There is only time to act - without panicking. That's why a good ransomware response playbook is essential: Do ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Five Best Practices for AWS Security Monitoring]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [The Many Risks of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Optimizing Endpoint Protection]( [View More White Papers >>]( FEATURED REPORTS - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC]( [OneTouchPoint, Inc. Provides Notice of Data Privacy Event]( [No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)