Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.
Follow Dark Reading:
 September 06, 2023
LATEST SECURITY NEWS & COMMENTARY
Hackers Target High-Privileged Okta Accounts via Help Desk
Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.
Researchers Discover Critical Vulnerability in PHPFusion CMS
No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.
LockBit Leaks Documents Filched From UK Defense Contractor
A company that builds physical perimeter defenses failed to keep the LockBit group from penetrating its cyber defenses.
Data Initiatives Force Closer Partnership Between CISOs, CDOs
Though security leaders and chief data officers both care about data management, their different missions have created a tension that needs addressing.
GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool
GhostSec has made the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.
Peiter 'Mudge' Zatko Lands Role as CISA Senior Technical Adviser
The former hacker and Twitter security executive will use his role to help fulfill the Biden administration's plans for the National Cybersecurity Strategy.
As LotL Attacks Evolve, So Must Defenses
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
How Companies Can Cope With the Risks of Generative AI Tools
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.
(Sponsored Article) How to Choose a Managed Detection and Response (MDR) Solution
MDR empowers organizations with enhanced security. Look for these four capabilities when selecting an MDR product.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
MSSQL Databases Under Fire From FreeWorld Ransomware
The sophisticated attacks, tracked as DB#JAMMER, run shell commands to impair defenses and deploy tools to establish persistence on the host.

A Brief History of ICS-Tailored Attacks
It's on the cyber defenders to learn from the past and make industrial control system networks hostile to attackers.

NYC Subway Disables Trip-History Feature Over Tap-and-Go Privacy Concerns
The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website.

Should Senior IT Professionals Be Accountable for Professional Decisions?
Everyone makes mistakes — but what if your mistakes risk the security of millions of people?

MORE
EDITORS' CHOICE
Proposed SEC Cybersecurity Rule Will Put Unnecessary Strain on CISOs
The Security and Exchange Commission's Proposed Rule for Public Companies (PPRC) is ambiguous.
LATEST FROM THE EDGE

Name That Edge Toon: Prized Possessions
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

NIST Publishes First Draft Standards for Post-Quantum Cryptography
Publication of the first draft PQC standards opens a 90-day period for public comment and paves the way for interoperability testing.
LATEST FROM DR GLOBAL

Russia Undertakes Disinformation Campaign Across Africa
Following coups in some African nations, Russia is exploiting the instability with the manipulation of media channels to stoke anti-French sentiment, among other things.
WEBINARS
  • Tips for A Streamlined Transition to Zero Trust

    From identifying the potential attack surface to determining policy, there is a clear path to zero trust and best practices to make the transition as smooth as possible - both for your organization and your customers. Zero trust is more ...

  • The Threat Hunter's Playbook: Mastering Cloud Defense Strategies

    Secure your spot now for this unforgettable cybersecurity adventure, filled with real-world examples, best practices, and expert insights from our threat research team. Level up your cloud security defense. When you attend this webinar, you will hear from the Sysdig's ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Global Cloud Security Market to Reach $62.9B by 2028
Tuya Smart and Amazon Web Services Collaborate to Establish an IoT Security Lab
Hornetsecurity Releases 365 Total Protection Plan 4 for Microsoft 365
ReasonLabs Summer 2023 Trends Report Reveals Top Consumer Security Threats
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Where and When Automation Makes Sense for Enterprise Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us