Microsoft Teams Exploit Tool Auto-Delivers Malware | Researchers Develop Exploit Code for Critical Fortinet VPN Bug

The "TeamsPhisher" cyberattack tool gives pen testers — and adversaries — a way to deliver malicious files directly to a Teams user from an external account, or tenant. [TechWeb]( Follow Dark Reading: [RSS]( July 06, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Teams Exploit Tool Auto-Delivers Malware]( The "TeamsPhisher" cyberattack tool gives pen testers — and adversaries — a way to deliver malicious files directly to a Teams user from an external account, or tenant. [Researchers Develop Exploit Code for Critical Fortinet VPN Bug]( Some 340,000 FortiGate SSL VPN appliances remain exposed to the threat more than three weeks after Fortinet released firmware updates to address the issue. [Cl0p's MOVEit Campaign Represents a New Era in Cyberattacks]( The ransomware group shows an evolution of its tactics with MOVEit zero-day — potentially ushering in a new normal when it comes to extortion supply chain cyberattacks, experts say. [Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier]( The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked. [Researchers Detail 4 SAP Bugs, Including Flaw in ABAP Kernel]( Patches are available for three bugs, but with technical details and PoCs now available, threat actors can craft targeted attacks. [Ransomware Halts Operations at Japan's Port of Nagoya]( LockBit 3.0 claims responsibility for the cyberattack that shuttered the largest port in Japan, according to authorities. [Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group]( Attribution for the cyberattack on Dozor-Teleport remains murky, but the effects are real — downed communications and compromised data. [Microsoft Can Fix Ransomware Tomorrow]( You can't encrypt a file you can't open — Microsoft could dramatically impact ransomware by slowing it down. [A CISO's Guide to Paying Down Software Supply Chain Security Debt]( When you just keep filing it away to handle "someday," security debt typically rears its head when you are most vulnerable and can least afford to pay it. [When It Comes to Secure Coding, ChatGPT Is Quintessentially Human]( We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues. [A Golden Age of AI … or Security Threats?]( Now is the time to build safeguards into nascent AI technology. [Name That Edge Toon: Three-Ring Circus]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Cybersecurity Is the Healthcare Your Organization Needs]( Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see. [3 Strategies for Bringing Rigor to Software Security]( With the National Cybersecurity Strategy planning to add real teeth into enforcement actions, software vendors have extra incentive to reduce applications' security debt. [CISA BOD 23-01: What Agencies Need to Know About Compliance]( The new network visibility mandate provides a good foundation for identifying risks and building better security programs at federal agencies. [MORE]( EDITORS' CHOICE [SSH Servers Hit in 'Proxyjacking' Cyberattacks]( Cybercriminals employ obfuscated script to stealthily hijack victim server bandwidth for use in legitimate proxy networks. LATEST FROM DR TECHNOLOGY [Social Engineering Adds Depth to Red Team Exercises]( Because social engineering usually succeeds, companies need to test whether their defenses can block adversaries that gain employees' trust. LATEST FROM THE EDGE [Make Diversity the 'How,' Not the 'What,' of Cybersecurity Success]( Cybersecurity leaders should strive to reward high-performing teams that are powered by high levels of inclusion. LATEST FROM DR GLOBAL [Israel Aided UAE in Defending Against DDoS Attack]( Israel's cyber head points finger at Iran-backed MuddyWater APT group as the perpetrator of a recent attack against a university. WEBINARS - [Finding the Right Role for Identity and Access Management in Your Enterprise]( End user credentials are essential to enabling your employees to gain access to the data and applications they need. Those credentials are also one of the most prized targets that attackers hope to gain. To enable user access and prevent ... - [Making Sense of Security Operations Data]( Most security operations centers aren't suffering from not having enough data- they have too much. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that your SOC team is focusing on the ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [2023 Cloud Threat Report]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [Everything You Need to Know About DNS Attacks]( - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill]( [Nokod Raises $8M Seed Round From Seasoned Cybersecurity Investors to Enhance Low-Code/No-Code App Security]( [Center for Internet Security, CREST Join Forces to Secure Organizations Globally]( [IP Fabric Announces $25M Series B Funding to Accelerate Adoption of Network Assurance]( [Perception Point Unveils AI Model to Thwart Generative AI-Based BEC Attacks]( [TXOne Networks' Stellar Solution Safeguards Operational Stability for Organizations in Various Industries]( [Employer Demand for Technology Workers Across Europe Remains on Firm Footing]( [WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends]( [Cybellum Unveils New Brand, Amplifying Commitment to Team-Centric Product Security]( [IEC Standardization Leaders Convene in Amsterdam to Review Utility Interworking of Key Standards]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)