The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors. The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors.
| | | LATEST SECURITY NEWS & COMMENTARY | | Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors. What GoDaddy's Years-Long Breach Means for Millions of Clients The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do. Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service. CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. Booking.com's OAuth Implementation Allows Full Account Takeover Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts. Hackers Target Young Gamers: How Your Child Can Cause Business Compromise It's 10 p.m. Do you know what your children are playing? In the age of remote work, hackers are actively targeting kids, with implications for enterprises. Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It? Overcoming the obstacles of this security principle can mitigate the damages of an attack. On Shaky Ground: Why Dependencies Will Be Your Downfall There's never enough time or staff to scan code repositories. To avoid dependency confusion attacks, use automated CI/CD tools to make fixes in hard-to-manage software dependencies. BlackLotus Bookit Found Targeting Windows 11 Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find. MORE NEWS / MORE COMMENTARY | | |
| | | | | WEBINARS | | SecDevOps: The Smart Way to Shift Left DevOps has changed the way software is developed, written, and run. But many organizations are still trying to figure out how to build security into application development. In this webinar, experts discuss the integration of security and DevOps - sometimes ... Ten Emerging Vulnerabilities Every Enterprise Should Know Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ... | | View More Dark Reading Webinars >> |
|
| | |
|
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
