Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations | 'Blindside' Attack Subverts EDR Platforms

The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers. [TechWeb]( Follow Dark Reading: [RSS]( December 22, 2022 LATEST SECURITY NEWS & COMMENTARY [Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit]( The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers. ['Blindside' Attack Subverts EDR Platforms From Windows Kernel]( The technique loads a nonmonitored and unhooked DLL, and leverages debug techniques that could allow for running arbitrary code. [Stolen Data on 80K+ Members of FBI-Run InfraGard Reportedly for Sale on Dark Web Forum]( InfraGard's members include key security decision-makers and stakeholders from all 16 US civilian critical-infrastructure sectors. [Godfather Banking Trojan Masquerades as Legitimate Google Play App]( The malware has resurfaced, using an icon and name similar to the legitimate Google Play app MYT Music, a popular app with more than 10 million downloads. [Microsoft Warns on 'Achilles' macOS Gatekeeper Bypass]( The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs. [Holiday Spam, Phishing Campaigns Challenge Retailers]( Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays. [Malicious Python Trojan Impersonates SentinelOne Security Client]( A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem. [Cyber Threats Loom as 5B People Prepare to Watch World Cup Final]( The 2022 FIFA Men's World Cup final in Qatar will be the most-watched sporting event in history — but will cybercriminals score a hat trick off its state-of-the-art digital footprint? [Iran-Backed Charming Kitten APT Eyes Kinetic Ops, Kidnapping]( The not-so-charming APT's intelligence-gathering initiatives are likely being used by the Iranian state to target kidnapping victims. [Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages]( Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks. [CSAF Is the Future of Vulnerability Management]( Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation. [Compliance Is Not Enough: How to Manage Your Customer Data]( Effective customer data management helps companies avoid data breaches and the resulting cascade of issues. From validating "clean" data to centralized storage and a data governance strategy, management steps can help keep data safe. [Data Destruction Policies in the Age of Cloud Computing]( It's time for on-the-record answers to questions about data destruction in cloud environments. Without access, how do you verify data has been destroyed? Do processes meet DoD standards, or do we need to adjust standards to meet reality? [Name That Toon: Kiss and Tell]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Rethinking Risk After the FTX Debacle]( Risk is no longer a single entity, but rather an interconnected web of resources, assets, and users. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Protecting Hospital Networks From 'Code Dark' Scenarios]( Asset inventory, behavioral baselining, and automated response are all key to keeping patients healthy and safe. [Why Security Teams Shouldn't Snooze on MFA Fatigue]( Employee education, biometric and adaptive authentication, and zero trust can go a long way in strengthening security. [Coming to a SOC Near You: New Browsers, 'Posture' Management, Virtual Assistants]( Startups are coalescing around effective data loss prevention, reducing data attack surfaces, and viable AI automation. [MORE]( EDITORS' CHOICE [AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range]( Threat actors can take over victims' cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks. LATEST FROM THE EDGE [Give Yourself the Gift of Secure Holiday E-Commerce]( Automating your defenses can bring good tidings of great joy. LATEST FROM DR TECHNOLOGY [How AI/ML Can Thwart DDoS Attacks]( When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of distributed denial-of-service detection and mitigation. WEBINARS - [The Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them]( It feels like we hear about a new devastating cyberattack in the news every day. And attack methods seem to be proliferating at an exponential rate. So, which tactics should you be aware of beyond standard "click and infect" attack ... - [Zero Trust Security 101: What You Need to Know Before Getting Started]( With varying definitions, variations, and approaches floating around the cybersecurity ecosystem, it can be difficult to get a clear view of what exactly zero trust is, what it means, and what it takes to get it done. In this webinar, ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Heartland Alliance Provides Notice of Data Security Incident]( [Trend Micro Joins Google’s App Defense Alliance]( [Kaspersky Research Finds Reverse Engineering Is the Most On-Demand Skill Among InfoSec Specialists]( [Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cybersecurity Book for Children]( [Searchlight Security Changes Name to Searchlight Cyber and Launches New Brand]( [Cybersecurity Company VMRay Extends Series B Investment to a Total of $34M USD to Drive Growth into New Markets]( [Bugcrowd Launches Bug Bounty Program for Australian-Based Navitas]( [Axonius Bolsters SaaS Management Offering With Behavioral Analytics and SaaS User-Device Association Capabilities]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)