Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics

The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says. [TechWeb]( Follow Dark Reading: [RSS]( November 07, 2022 LATEST SECURITY NEWS & COMMENTARY [Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics]( The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says. [Cyberattackers Focus In on State-of-the-Art ALMA Observatory]( Operations at the world's most expensive ground-based telescope, high in the Atacama Desert, remain disrupted. [W4SP Stealer Stings Python Developers in Supply Chain Attack]( Threat actors continue to push malicious Python packages to the popular PyPI service, striking with typosquatting, authentic sounding file names, and hidden imports to fool developers and steal their information. [RomCom Malware Woos Victims With 'Wrapped' SolarWinds, KeePass Software]( An analysis of the RomCom APT shows the group is expanding its efforts beyond the Ukrainian military into the UK and other English-speaking countries. [Build Security Around Users: A Human-First Approach to Cyber Resilience]( Security is more like a seat belt than a technical challenge. It's time for developers to shift away from a product-first mentality and craft defenses that are built around user behaviors. [NCSC Implements Vulnerability Scanning Program Across UK]( The cybersecurity agency announced it intends to scan all Internet-connected devices hosted in the UK for known vulnerabilities. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Supply Chain Attack Pushes Out Malware to More than 250 Media Websites]( TA569 has modified the JavaScript of a legitimate content and advertising engine used by news affiliates, in order to spread the FakeUpdates initial access framework. [Are You a CISO Building Your Risk Register for 2023? Read This First]( Achieving basic IT hygiene is 99% of the game. [Layoffs Mount as Cybersecurity Vendors Hunker Down]( With the vast majority of business leaders expecting a recession in 2023, cybersecurity firms are bolstering their operations and cash flow by laying off workers. [MORE]( EDITORS' CHOICE [Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit]( The settlement muddies the waters even further for the viability of war exclusion clauses when it comes to cyber insurance. LATEST FROM THE EDGE [Wanted: Cybersecurity Training That Breaks Down Silos]( The next generation of cybersecurity pros will need to participate frequently in relevant training to expand their skills and stay engaged. LATEST FROM DR TECHNOLOGY [Human Security Tackles Malvertising With Clean.io Buy]( Dark Reading's analysis suggests that Human Security's acquisition of clean.io will significantly expand the company's fraud prevention and anti-malvertising portfolio. WEBINARS - [Analyzing and Correlating Security Operations Data]( Most security operations centers aren't failing because they don't have enough data - they are failing because they have too much data. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that ... - [Understanding Cyber Attackers & Their Methods]( Every day, your enterprise is at risk of being hacked. But just who are the cyber attackers, and what are their motivations? What methods might they use to crack enterprise data, and how do they stage their attacks? Do you ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [State of Email Security]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [Why Legacy Point Tools Are Failing in Today's Environment]( - [How Hybrid Work Fuels Ransomware Attacks]( - [The Ultimate Buyer's Guide: SASE Security]( - [2022 Cyberthreat Defense Report]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Calamu Partners With Wasabi Technologies to Deliver Cloud Storage Vaults]( [Simplilearn and the University of California, Irvine Division of Continuing Education Partner for a Cybersecurity Boot Camp]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Enterprises Are Attacking the Cybersecurity Problem]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)