Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says
Follow Dark Reading:
 January 26, 2023
LATEST SECURITY NEWS & COMMENTARY
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says.
Microsoft to Block Excel Add-ins to Stop Office Exploits
The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.
Attackers Crafted Custom Malware for Fortinet Zero-Day
The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.
Compromised Zendesk Employee Credentials Lead to Breach
Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.
North Korea's Top APT Swindled $1B From Crypto Investors in 2022
The DPRK has turned crypto scams into big business to replenish its depleted state coffers.
PayPal Breach Exposed PII of Nearly 35K Accounts
The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.
EmojiDeploy Attack Chain Targets Misconfigured Azure Service
Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.
T-Mobile Breached Again, This Time Exposing 37M Customers' Data
This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported.
Zacks Investment Research Hack Exposes Data for 820K Customers
Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com.
Name That Toon: Poker Hand
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Hunting Insider Threats on the Dark Web
Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.
The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT
Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure.
Chat Cybersecurity: AI Promises a Lot, but Can It Deliver?
Machine learning offers great opportunities, but it still can't replace human experts.
Security and the Electric Vehicle Charging Infrastructure
When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.
Log4j Vulnerabilities Are Here to Stay — Are You Prepared?
Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset.
ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready
From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Ransomware Profits Decline as Victims Dig In, Refuse to Pay
Two new reports show ransomware revenues for threat actors dropped sharply in 2022 as more victims ignored ransom demands.

Ethically Exploiting Vulnerabilities: A Play-by-Play
There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks.

Can't Fill Open Positions? Rewrite Your Minimum Requirements
If you or your company can't find good infosec candidates, consider changing up the qualifications to find more nontraditional talent.

MORE
EDITORS' CHOICE
Ticketmaster Blames Bots in Taylor Swift 'Eras' Tour Debacle
Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure.
LATEST FROM THE EDGE

Google Pushes Privacy to the Limit in Updated Terms of Service
In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far?
LATEST FROM DR TECHNOLOGY

GPT Emerges as Key AI Tech for Security Vendors
Orca Security is one of the companies integrating conversational AI technology into its products.
WEBINARS
  • Shoring Up the Software Supply Chain Across Enterprise Applications

    Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ...

  • Deciphering the Hype Around XDR

    Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ...

View More Dark Reading Webinars >>
WHITE PAPERS
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
CURRENT ISSUE
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.