 May 03, 2024
LATEST SECURITY NEWS & COMMENTARY
Dropbox Breach Exposes Customer Credentials, Authentication Data
Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.
Billions of Android Devices Open to 'Dirty Stream' Attack
Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations.
Software Security: Too Little Vendor Accountability, Experts Say
Actual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products.
DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn
Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings.
Safeguarding Your Mobile Workforce
Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks.
Hacker Sentenced After Years of Extorting Psychotherapy Patients
Two years after a warrant went out for his arrest, Aleksanteri Kivimäki finally has been found guilty of thousands of counts of aggravated attempted blackmail, among other charges.
HOT TOPICS
'Cuttlefish' Zero-Click Malware Steals Private Cloud Data
The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses.

Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft
Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.

The Cybersecurity Checklist That Could Save Your M&A Deal
With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after.

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches
MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.

EDITORS' CHOICE
UnitedHealth Congressional Testimony Reveals Rampant Security Fails
The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change Healthcare's backup strategy failed.
LATEST FROM THE EDGE

Name That Edge Toon: Puppet Master
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Mimic Launches With New Ransomware Defense Platform
The new startup’s SaaS platform claims to help organizations detect ransomware attacks faster than “traditional” methods and to recover within 24 hours.
LATEST FROM DR GLOBAL

'DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?
A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace.
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA