The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.
Follow Dark Reading:
 August 25, 2022
LATEST SECURITY NEWS & COMMENTARY
CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit
The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.
Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account
In a widespread campaign, threat actors use a compromised Dynamics 365 Customer Voice business account and a link posing as a survey to steal Microsoft 365 credentials.
Ransomware Gang Demands $10M in Attack on French Hospital
Center Hospitalier Sud Francilien (CHSF), a hospital outside of Paris, has redirected incoming patients to other medical facilities in the wake of a ransomware attack that began on Aug. 21.
VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data
An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.
Why Empathy Is the Key to Better Threat Modeling
Avoid the disconnect between seeing the value in threat modeling and actually doing it with coaching, collaboration, and integration. Key to making it "everybody's thing" is communication between security and development teams.
Efficient 'MagicWeb' Malware Subverts AD FS Authentication, Microsoft Warns
The Russia-backed Nobelium APT has pioneered a post-exploitation tool allowing attackers to authenticate as any user.
Ransomware Gang Demands $10M in Attack on French Hospital
Center Hospitalier Sud Francilien (CHSF), a hospital outside of Paris, has redirected incoming patients to other medical facilities in the wake of a ransomware attack that began on Aug. 21.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Apathy Is Your Company's Biggest Cybersecurity Vulnerability — Here's How to Combat It
Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect.

Charming Kitten APT Wields New Scraper to Steal Email Inboxes
Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials.

Facing the New Security Challenges That Come With Cloud
Organizations relying on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities do so at their peril.

MORE
EDITORS' CHOICE
Mudge Blows Whistle on Alleged Twitter Security Nightmare
Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.
LATEST FROM THE EDGE

Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack
SolarWinds CISO Tim Brown explains how organizations can prepare for eventualities like the nation-state attack on his company’s software.
LATEST FROM DR TECHNOLOGY

How to Resolve Permission Issues in CI/CD Pipelines
This Tech Tip outlines how DevOps teams can address security integration issues in their CI/CD pipelines.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Acronis' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023
CyberRatings.org Announces New Web Browser Test Results for 2022
Report: Financial Institutions Are Overwhelmed When Facing Growing Firmware Security and Supply Chain Threats
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Living on the Edge: Building and Maintaining Security at the Network Edge
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us