The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
Follow Dark Reading:
 August 11, 2022
LATEST SECURITY NEWS & COMMENTARY
Microsoft Patches Zero-Day Actively Exploited in the Wild
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
10 Malicious Code Packages Slither into PyPI Registry
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in software supply chain attacks.
Deepfakes Grow in Sophistication, Cyberattacks Rise Following Ukraine War
A rising tide of threats — from API exploits to deepfakes to extortionary ransomware attacks — is threatening to overwhelm IT security teams.
Genesis IAB Market Brings Polish to the Dark Web
As the market for initial access brokers matures, services like Genesis — which offers elite access to compromised systems and slick, professional services — are raising the bar in the underground economy.
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem
For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience.
35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?
In the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys.
Rethinking Software in the Organizational Hierarchy
Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?
Compliance Certifications: Worth the Effort?
Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential.
Domino's Takes a Methodical Approach to IoT
The success of Domino's Flex IoT project can be attributed in large part to the security best practices it followed.
A Digital Home Has Many Open Doors
Development of digital gateways to protect the places where we live, work, and converse need to be secure and many doors need to offer restricted access.
The Myth of Protection Online — and What Comes Next
It's a myth that consuming and processing alerts qualifies as security. Today's technology allows better detection and prevention, rather than accepting the low bar for protection set by ingrained incident response reactions.
Pipeline Operators Are Headed in the Right Direction, With or Without TSA's Updated Security Directives
A worsening threat landscape, increased digitization, and the long-term positive effects of modern security strategies are pushing critical infrastructure operators to do better.
Human Threat Hunters Are Essential to Thwarting Zero-Day Attacks
Machine-learning algorithms alone may miss signs of a successful attack on your organization.
MORE FROM BLACK HAT

Why Bug-Bounty Programs Are Failing Everyone
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.
Large Language AI Models Have Real Security Benefits
Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities, such as explaining malware and quickly classifying websites, researchers find.
How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes
Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT.
MORE NEWS / MORE COMMENTARY
LATEST FROM THE EDGE
What Worries Security Teams About the Cloud?
What issues are cybersecurity professionals concerned about in 2022? You tell us!

LATEST FROM DR TECHNOLOGY
We Have the Tech to Scale Up Open Source Vulnerability Fixes — Now It's Time to Leverage It
Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation.

HOT TOPICS
5 Ways Chess Can Inspire Strategic Cybersecurity Thinking
Rising interest in chess may feed the next generation of cybersecurity experts.

MORE
NEWS FROM BLACK HAT
Dark Reading News Desk: Live at Black Hat USA 2022
TODAY at 10 PT: Dark Reading News Desk returns to Black Hat USA 2022
Looking Back at 25 Years of Black Hat
The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy.
New HTTP Request Smuggling Attacks Target Web Browsers
Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.
Stolen Data Gives Attackers Advantage Against Text-Based 2FA
With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.
Russia-Ukraine Conflict Holds Cyberwar Lessons
Initial attacks used damaging wiper malware and targeted infrastructure, but the most enduring impacts will likely be from disinformation, researchers say. At Black Hat USA, SentinelOne's Juan Andres Guerrero-Saade and Tom Hegel will discuss.
Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face
Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise.
Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem
A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.
Abusing Kerberos for Local Privilege Escalation
Upcoming Black Hat USA presentation will examine the implications of Kerberos weaknesses for security on the local machine.
Cyberattackers Increasingly Target Cloud IAM as a Weak Link
At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.
How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes
Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT.
Stolen Data Gives Attackers Advantage Against Text-Based 2FA
With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.
Cyberattackers Increasingly Target Cloud IAM as a Weak Link
At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • State of the Cloud: A Security Perspective

    Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ...

  • Rethinking Endpoint Security in a Pandemic and Beyond

    IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ...

  • How Enterprises Are Securing the Application Environment

    Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications.
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security
OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022
Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference
Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape
Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round
US Oil and Gas Sector at Risk of a Cyberbreach, According to BreachBits Study
Lacework Updates Threat Detection To Uncover More Malicious Activity and Speed Investigation at Scale
Cybrary Unveils Next-Generation Interactive, Hands-On Training Experience to Upskill Cybersecurity Professionals
HYAS Infosec Announces General Availability of Cybersecurity Solution for Production Environments
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Black Hat USA 2022 Attendee Report
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us