LATEST SECURITY NEWS & COMMENTARY

ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.

'Raccoon Stealer' Scurries Back on the Scene After Hiatus
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.

China-Backed APT Pwns Building-Automation Systems With ProxyLogon
The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.

New Vulnerability Database Catalogs Cloud Security Issues
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.

Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?

Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).

LockBit 3.0 Debuts With Ransomware Bug Bounty Program
LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.

How to Master the Kill Chain Before Your Attackers Do
In the always-changing world of cyberattacks, preparedness is key.

A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.

It's a Race to Secure the Software Supply Chain — Have You Already Stumbled?
If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA