Microsoft Warns of Uptick in MSHTML Attacks | IoT 'Nutrition' Labels Put Security on Display

[TechWeb]( Follow Dark Reading: [RSS]( September 23, 2021 LATEST SECURITY NEWS & COMMENTARY [Microsoft Warns of Uptick in MSHTML Attacks]( Attackers leveraging the flaw are using infrastructure associated with other criminal groups, including ransomware-as-a-service operators, the company says. [IoT 'Nutrition' Labels Aim to Put Security on Display]( NIST has laid the groundwork for an easy-to-understand way to communicate to consumers the security of software and connected devices. [Who Is BlackMatter?]( Researchers piece together the origins of the group that made headlines this week as the perpetrator behind a ransomware attack on New Cooperative. [New Cooperative's Ransomware Attack Underscores Threat to Food & Agriculture]( The Iowa grain cooperative took its systems offline in response to a security incident earlier this week. [Open Source Software Projects Up Their Security Game but Face More Attacks]( Patches for dependencies are trickling up through the open source ecosystem faster than ever — a good thing because attackers are focusing more on open source software. [International Insider Threat: DoJ Fines US Intel Officials Who Aided UAE]( Three former US intelligence operatives have been fined $1,685,000 for aiding the United Arab Emirates in widespread hacking campaigns. [Why Cryptomining Malware Is a Harbinger of Future Attacks]( Crypto thieves rely on users not noticing installation of their tiny payload on thousands of machines, or the CPU cycles being siphoned off to perpetuate the schemes. [White House Cybersecurity Summit: A Missed Opportunity]( Last month's summit with the president was missing something crucial: representation from those who deal with critical infrastructure. [Under Pressure: COVID-19 Forced Many Execs to Sideline Cybersecurity]( CISOs are more stressed, and the fallout is increased cyber-risk. Also, budget restrictions lead to a yawning chasm between need and funding. [Midmarket Security: Think You’re Safe? Think Again]( Gone is the false perception that large enterprises, banks, and financial institutions are the only organizations under attack. [CISA, FBI, NSA Warn of Increase in Conti Ransomware Attacks]( A new alert provides the technical details of ongoing attacks and guidance for organizations to secure systems against Conti. [Mirai Botnet Exploiting OMIGOD Azure Vulnerability]( Microsoft patched four Open Management Infrastructure flaws earlier this week. [FBI, CISA, CGCYBER Warn of APTs Targeting CVE-2021-40539]( The critical authentication bypass vulnerability exists in Zoho ManageEngine ADSelfService Plus, officials report. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How Should the CSO Work With the Chief Privacy Officer?]( The chief security officer needs to be in constant communication with the chief privacy officer about what's working or not working. [Why Security Pros Should Rethink Their Focus on Information Resilience]( Resilience is often defined as being able to withstand disruptions and rebound to a previous state. But a system's ability to return to a prior state doesn't mean it's sufficiently resilient. [Grappling With Growth, Employee Needs, and Security Amid a Return to Offices]( As organizations strive for a new version of business-as-usual, executives must prepare for challenges around infrastructure, varying guidelines, and balancing employee flexibility with office collaboration. [MORE]( EDITORS' CHOICE [6 Lessons From Major Data Breaches This Year]( Though many incidents stemmed from familiar security failures, they served up — or resurfaced — some important takeaways. [Password Reuse Problems Persist Despite Known Risks]( The vast majority of users worry about compromised passwords, but two-thirds continue to use the same password or a variation, a survey finds. LATEST FROM THE EDGE [10 Ways to Avoid Zero-Trust Failure]( Here are the prerequisites to have in order before getting past the zero-trust gate. Tech Resources - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Digital Transformation and Data Security]( - [The Transition to Empowered Enterprise Authentication]( - [A Pragmatic Path to SASE]( - [Run and Transform]( - [Powering Digital Transformation]( - [How Securing the Data Lifecycle Can Transform Your Data Protection Program]( [ACCESS TECH LIBRARY NOW]( - [Defense Strategies to Combat Sophisticated Ransomware and Multi-Vector Attacks]( To defend themselves effectively, companies need to detect ransomware attacks early, gather the intelligence to understand the attack and prevent attacks from occurring in the future. In this webinar, Shailesh Athalye, EVP Product Management will discuss ransomware trends, defensive maneuvers ... - [Learn Why XDR Delivers Better Outcomes to Secure Your Endpoints]( Endpoint security continues to evolve. The increasing complexity of the threat landscape means we can no longer depend on next-gen antivirus (NGAV) or EDR (Endpoint Detection and Response) alone to protect against sophisticated attacks. It's well known that endpoint attacks ... [MORE WEBINARS]( FEATURED REPORTS - [Enterprise Cybersecurity Plans in a Post-Pandemic World]( As the COVID-19 pandemic eases, IT security threats and the challenges involved in responding to them are trending upward. Security leaders expect that cyberattacks like ransomware, phishing, and malware will increase even as the pandemic eventually recedes. Download the Dark ... - [The State of Malware Threats]( [MORE REPORTS]( CURRENT ISSUE [Enterprise Cybersecurity Plans in a Post-Pandemic World]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [CyberGRX Shows Organizations Fail to Mitigate Third-Party Risk]( [Druva Introduces Curated Recovery Technology for Accelerated Ransomware Recovery]( [Synology Releases C2 Backup for Windows]( [archTIS Acquires Cipherpoint Technology Assets and Customers]( [Arista, Cisco, Huawei, Juniper Networks, and Nokia Launch New MANRS Equipment Vendor Program to Improve Routing Security Worldwide]( [HPE Survey Finds 76% of Doctors and Nurses Believe Telehealth Will Dominate Patient Care in Near Future]( [15% of the Nasdaq 100 Is Highly Susceptible to a Ransomware Attack, New Black Kite Research Finds]( [CISA to Host Fourth Annual National Cybersecurity Summit]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)