 August 12, 2021
LATEST SECURITY NEWS & COMMENTARY
Microsoft Patch Tuesday Puts Spotlight on Windows Print Spooler
Three of the 44 vulnerabilities patched today exist in Windows Print Spooler, a primary focus of security fixes over the past few months.
14 Vulnerabilities Found in Widely Used TCP/IP Stack
"Infra:Halt" flaws in NicheStack impact potentially millions of devices used in OT and industrial control system environments, analysts say.
CISA Launches JCDC, the Joint Cyber Defense Collaborative
"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA on Thursday.
Misconfigured Salesforce Communities Place Orgs at Risk of Data Theft, Adversary Recon
Organizations often inadvertently let unauthenticated guests have access to a lot more data within these communities than they should, security vendor says.
Attacks Leveraging Open Redirects on Google Meet, DoubleClick Surge
Phishing operators took advantage of the issue to redirect victims to malicious websites.
FragAttacks Foil 2 Decades of Wireless Security
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.
Researchers Call for 'CVE' Approach for Cloud Vulnerabilities
New research suggests isolation among cloud customer accounts may not be a given — and the researchers behind the findings issue a call to action for cloud security.
Incident Responders Explore Microsoft 365 Attacks in the Wild
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Attacks require executing code on a system but foil Apple's approach to protecting private data and system files.

Black Hat News

In case you missed Black Hat USA or just some of the Briefings, check out Dark Reading's comprehensive coverage.


Why It's Time for Cybersecurity to Go Mainstream
Improving cybersecurity must be a collective effort. Here are three achievable steps the government, private sector, and broader public can take to make a difference now.
Mind Over Matter: Revamping Security Awareness With Psychology
Despite the prevalence of employee-centric attacks, most organizations spend less than 5% of their security budgets on people.
In Attack Surface Management, It's What You Don't See That Can Sink You
To fully protect your organization, you need to go deep and discover the risky IT assets, networks, and environments you don't yet know about.

Top 5 Techniques Attackers Use to Bypass MFA

Like other protective measures, multifactor authentication isn't failsafe or foolproof.


The Misunderstood Security Risks of Behavior Analytics, AI & ML
By separating the hype from reality, the risks of relying on AI and ML to identify security threats become clear.
Action Bias: The Danger of Thinking Too Quickly
Security pros are advised to act quickly in crises, but hastily made decisions may do more harm than good.
New Framework Aims to Detect & Address Synthetic Media Social Engineering
Cybercriminals have adopted synthetic media to launch increasingly complex and realistic social engineering attacks in recent years, and FBI officials warn the threat is poised to grow.
How Threat Analysts Learned from Attackers' OpSec Mistakes
In targeting executives at a COVID research firm, state-sponsored threat group ITG18 made some mistakes. Here's how IBM X-Force used that to their advantage.
New Android Malware Infects Thousands of Facebook Accounts
The FlyTrap Trojan has spread to more than 10,000 victims via social media hijacking, third-party app stores, and sideloaded applications.
HOT TOPICS
HTTP/2 Implementation Errors Exposing Websites to Serious Risks
Organizations that don't implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.

Security of Open Source Components Requires More Collaborative Efforts
While companies have expanded their use of open source, most are not giving back -- and open source security continues to falter.

Zero Trust Is a Great Start; Zero Knowledge Can Be Even Better
For those of us in the decentralized space, the current zero-trust model doesn’t go far enough.

EDITORS' CHOICE

Cybersecurity Executive Order: Securing the Software Supply Chain
The new executive order will help foster a more collaborative and unified approach to cybersecurity, an approach that highlights the importance of securing software by design.
How Effective UX Can Beat Security Bypass Culture
Provide a subpar user experience and you can be sure employees will find a way to work around it. That, of course, can easily undermine a business' security and potentially threaten its longevity.
LATEST FROM THE EDGE

Presenting the 2021 PWNIE Award Winners
The list of 2021 PWNIE Award winners includes security researchers behind some of the biggest vulnerability discoveries over the past year.
Tech Resources

  • External Threat Hunting - Reduce Supply Chain Risk

    In this webinar, we'll look at how one Fortune 100 organization transformed its security program by investing in external threat hunting, establishing a world class threat reconnaissance program that now has proven ROI. With no-touch monitoring of its third parties' networks, ...

  • Two Sides of the PAM Coin - August 11 - Register Now

    There are two sides of the PAM (Privileged Access Management) Coin. Password vaulting is one. Privilege Elevation is the other. A vault is a great first step in protecting your company from identity-related data breaches, but don't stop there! We ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech
303 Second St., Suite 900 South Tower, San Francisco, CA 94107