LATEST SECURITY NEWS & COMMENTARY

Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.

LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems
Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.

USB Drives Spread Spyware as China's Mustang Panda APT Goes Global
Camaro Dragon (Mustang Panda) is spreading a malware variant of WispRider quickly across the globe even through air gaps, often unbeknownst to users.

Even With No Recession, Smaller Firms Aim to Consolidate Security Tools
Small and midsized companies work to jettison some security tools to simplify operations and reduce cost, even as any economic downturn continues to remain at bay.

IT Staff Increasingly Saddled With Data Protection Compliance
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments — leaving organizations unsure if they're compliant at all.

5 Steps for Minimizing Dark Data Risk
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.

Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.

CISA, FBI Offer $10M for Cl0p Ransomware Gang Information
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.

FEATURED REPORTS

How to Use Threat Intelligence to Mitigate Third-Party Risk
The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

Successfully Managing Identity in Modern Cloud and Hybrid Environments
Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ...

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA