The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
Follow Dark Reading:
 June 23, 2023
LATEST SECURITY NEWS & COMMENTARY
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems
Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.
USB Drives Spread Spyware as China's Mustang Panda APT Goes Global
Camaro Dragon (Mustang Panda) is spreading a malware variant of WispRider quickly across the globe even through air gaps, often unbeknownst to users.
Even With No Recession, Smaller Firms Aim to Consolidate Security Tools
Small and midsized companies work to jettison some security tools to simplify operations and reduce cost, even as any economic downturn continues to remain at bay.
IT Staff Increasingly Saddled With Data Protection Compliance
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments — leaving organizations unsure if they're compliant at all.
5 Steps for Minimizing Dark Data Risk
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.
Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
CISA, FBI Offer $10M for Cl0p Ransomware Gang Information
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

Rorschach Ransomware: What You Need to Know
Learn how the latest ransomware variant has heightened attack execution speed and what that means for cybersecurity operations.

Placing People & Realism at the Center of Your Cybersecurity Strategy
While it's impossible for an organization to be completely secure, there's no reason to be defenseless.

MORE
EDITORS' CHOICE
Emerging Ransomware Group 8Base Doxxes SMBs Globally
A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe.
LATEST FROM DR TECHNOLOGY

Growing SaaS Usage Means Larger Attack Surface
Software-as-a-service has its benefits, but abandoned SaaS integrations and idle data sharing introduce risk to the enterprise.
LATEST FROM THE EDGE

Job Seekers, Look Out for Job Scams
Scammers are setting out lures for people looking for work. If a position sounds too good to be true, it probably is.
LATEST FROM DR GLOBAL

South African Female Students Offered Cyber Scholarship
Women of color are being offered a scholarship opportunity in South Africa — the offer will cover costs for pursuing a cyber career and encourage greater diversity of those studying cybersecurity courses.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • How to Use Threat Intelligence to Mitigate Third-Party Risk

    The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

  • Successfully Managing Identity in Modern Cloud and Hybrid Environments

    Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ...

  • The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

    The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Airgap Networks Acquires NetSpyGlass
Tanium Platform Advances Threat Identification Capabilities and Enhances Endpoint Reach
Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors
Sumsub Launches Advanced Deepfakes Detector
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How to Use Threat Intelligence to Mitigate Third-Party Risk
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us