An RCE vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.
LATEST SECURITY NEWS & COMMENTARY

Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover
A remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.

An Emerging Threat: Attacking 5G Via Network Slices
A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.

Black Basta Ransomware Targets ESXi Servers in Active Campaign
The new ransomware strain Black Basta is now actively targeting VMware ESXi servers in an ongoing campaign, encrypting files inside a targeted volumes folder.

Mandia: Keep 'Shields Up' to Survive the Current Escalation of Cyberattacks
As Mandiant CEO Kevin Mandia's company prepares to become part of Google, the incident response company continues to investigate many of the most critical cyber incidents.

Cybersecurity M&A Activity Shows No Signs of Slowdown
But valuations have dropped, and investors are paying closer attention to revenues and profitability, industry analysts say.

US Sanctions Force Evil Corp to Change Tactics
The threat actor behind the notorious Dridex campaign has switched from using its exclusive credential-harvesting malware to a ransomware-as-a-service model, to make attribution harder.

RSAC Opens With Message of Transformation
Cybersecurity needs to shift its thinking ahead of the next disruption, RSA's CEO said during the opening 2022 conference keynote.

Communication Is Key to CISO Success
A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.

Are You Ready for a Breach in Your Organization's Slack Workspace?
A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.

Fighting Follina: Application Vulnerabilities and Detection Possibilities
Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.

Enterprise Security Around the Dinner Table
Enterprise cybersecurity awareness training has evolved to include informal lessons for employees' family members, and it has many benefits.

Building America's Cybersecurity Infrastructure
The government is putting the right skills and expertise in place to fight the rising cyber threat.

Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA