Articles of interest from the week of May 16, 2022

VMware Issues Critical Fixes, CISA Orders Federal Agencies To Act Immediately (CVE-2022-22972)

The U.S. Cybersecurity and Infrastructure Agency issues an emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit. (By Zeljka Zorz, Help Net Security)

Ingalls MDR Add-On: Stopping Cyber Threats At The Human Layer

Here at Ingalls, we are committed to the evolution and continual improvement of all our service offerings and are proud to announce the release of our Phalanx MDR Add-on designed to stop cyber threats at the human layer. Visit our blog for details.

Phishing Attacks for Initial Access Surged 54% in Q1

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows. (By Jai Vijayan, Dark Reading)

46% of Organizations Still Store Passwords in Shared Documents

46% of IT, security, and cybersecurity leaders say they still store passwords in shared office documents. That’s despite an overwhelming 93% of respondents that require password management training, with 63% holding training more than once per year, according to a survey conducted by Pulse on behalf of Hitachi ID. (By Help Net Security)

Ransomware Gangs Rely More on Weaponizing Vulnerabilities

Security researchers are warning that along with phishing and exploiting vulnerabilities in a public-facing application, these are the primary methods of compromise that ultimately lead to threat actors stealing data and encrypting systems. (By Ionut Ilascu, Bleeping Computer)