Majority of Ransomware Attacks Last Year Exploited Old Bugs

New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft. [TechWeb]( Follow Dark Reading: [RSS]( February 21, 2023 LATEST SECURITY NEWS & COMMENTARY [Majority of Ransomware Attacks Last Year Exploited Old Bugs]( New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft. [Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks]( The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack. [Massive GoAnywhere RCE Exploit: Everything You Need to Know]( Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes. [Google Translate Helps BEC Groups Scam Companies in Any Language]( BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally. [Not Stoked: Burton Snowboards' Online Orders Disrupted After Cyberattack]( The snow sports specialist is investigating to see what caused the operations-disrupting "cyber incident." [Inglis Retires as National Cyber Director Ahead of Biden's Cybersecurity EO]( The long-time NSA and cyber specialist says he's exiting the public sector. [AppSec Threats Deserve Their Own Incident Response Plan]( With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks. [(Sponsored Article) 2023 Is the Year of Risk: 5 Ways to Prepare]( 2022 saw a record number of cyberattacks. In response, regulators are prescribing how companies should manage their risks. How do you prepare? [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally]( Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common. [Simplify to Survive: How Organizations Can Navigate Cyber-Risk]( Simplification can result in efficiencies, reduced overhead, and the ability to respond to cyber threats more quickly. [MORE]( EDITORS' CHOICE [Cybersecurity Jobs Remain Secure Despite Recession Fears]( Only 10% of corporate executives expect to lay off members of cybersecurity teams in 2023, much lower than other areas, as companies protect hard-to-find skill sets. LATEST FROM THE EDGE [Is OWASP at Risk of Irrelevance?]( A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development. LATEST FROM DR TECHNOLOGY [Researchers Create an AI Cyber Defender That Reacts to Attackers]( The system based on deep reinforcement learning can adapt to defenders' tactics and stop 95% of simulated attacks, according to its developers. WEBINARS - [The Importance of Bespoke Security]( In this webinar, you will hear from our subject matter experts, Hanah Darley, Head of Threat Research and Toby Lewis, Global Head of Threat Analysis. The discussion will cover the difference between media coverage of cyber threats compared with the ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [SASE Market to Exceed Over $60B Between 2022 and 2027, According to Dell'Oro Group]( [MVP Vibe Fest Bridges Gap Between Athletics and Cybersecurity]( [WatchGuard Launches New Line of Firewall Products to Enhance Unified Security for Remote and Distributed Businesses]( [Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)