Articles of interest from the week of February 21, 2022

Attackers Hone Their Playbooks, Become More Agile

Cybercriminals and nation-state actors adapted to defenders' tactics and became more efficient in 2021, with attackers relying more on data leaks combined with ransomware to extort increasing sums of money from companies — and in some cases using data leaks without encrypting data to force a company to pay, according to two analyses published this week. (By Robert Lemos, Dark Reading)

Even When Warned, Some Businesses Ignore Critical Vulnerabilities and Hope for the Best

Recent research found the extent to which businesses are leaving themselves open to cyber attacks. When tested, 28% of businesses had critical vulnerabilities – vulnerabilities that could be immediately exploited by cyber attacks. (By Help Net Security)

Vulnerability in Plugin Exposed Millions of WordPress Site Backups

A high-severity vulnerability in the UpdraftPlus WordPress plugin can allow an attacker to obtain website backups that could contain sensitive information. (By Ionut Arghire, SecurityWeek)

Squirrelwaffle Loader Exploits Vulnerable Microsoft Exchange Servers

Researchers have found a new malware campaign exploiting vulnerable Microsoft Exchange Servers. The threat actors deploy the Squirrelwaffle malware loader on vulnerable servers to conduct financial fraud via phishing emails. (By Abeerah Hashim, Latesthackingnews.com)

Carpet Bombing Attacks on the Rise

Carpet bombing Distributed Denial of Service (DDoS) attacks are on the rise, according to new research by a cloud-oriented security services provider. (By Sarah Coble, Infosecurity Magazine)