"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.
| | | LATEST SECURITY NEWS & COMMENTARY | | Fake Google Software Updates Spread New Ransomware "HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say. Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler. Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs "Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack. China's Tonto Team APT Ramps Up Spy Operations Against Russia In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies. Don't Have a COW: Containers on Windows and Other Container-Escape Research Several pieces of Black Hat USA research will explore container design weaknesses and escalation of privilege attacks that can lead to container escapes. New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials Scams pressure victims to "resolve an issue that could impact their status, business." Inside NIST's 4 Crypto Algorithms for a Post-Quantum World With the world potentially less than a decade away from breaking current encryption around critical data, researchers weigh in on planning for the post-quantum world. Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts. Zero Trust Bolsters Our National Defense Against Rising Cyber Threats The Colonial Pipeline and JBS attacks, among others, showed us our national resilience is only as strong as public-private sector collaboration. Understanding the Omdia Threat Detection Data Life Cycle Data quality is key in an effective TDIR solution. Omdia's threat detection data life cycle highlights the considerations for effective data-driven threat detection. Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative. How Confidential Computing Locks Down Data, Regardless of Its State Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments. Keep Humans in the Loop in SOC Operations Machine learning and automation can help free up security pros for higher-value tasks. MacOS Bug Could Let Malicious Code Break Out of Application Sandbox Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware. Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
