The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
| | | LATEST SECURITY NEWS & COMMENTARY | Microsoft Patches Zero-Day Actively Exploited in the Wild The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit. 10 Malicious Code Packages Slither into PyPI Registry The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in software supply chain attacks. Deepfakes Grow in Sophistication, Cyberattacks Rise Following Ukraine War A rising tide of threats — from API exploits to deepfakes to extortionary ransomware attacks — is threatening to overwhelm IT security teams. Genesis IAB Market Brings Polish to the Dark Web As the market for initial access brokers matures, services like Genesis — which offers elite access to compromised systems and slick, professional services — are raising the bar in the underground economy. A Ransomware Explosion Fosters Thriving Dark Web Ecosystem For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience. 35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort? In the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys. Rethinking Software in the Organizational Hierarchy Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities? Compliance Certifications: Worth the Effort? Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential. Domino's Takes a Methodical Approach to IoT The success of Domino's Flex IoT project can be attributed in large part to the security best practices it followed. A Digital Home Has Many Open Doors Development of digital gateways to protect the places where we live, work, and converse need to be secure and many doors need to offer restricted access. The Myth of Protection Online — and What Comes Next It's a myth that consuming and processing alerts qualifies as security. Today's technology allows better detection and prevention, rather than accepting the low bar for protection set by ingrained incident response reactions. Pipeline Operators Are Headed in the Right Direction, With or Without TSA's Updated Security Directives A worsening threat landscape, increased digitization, and the long-term positive effects of modern security strategies are pushing critical infrastructure operators to do better. Human Threat Hunters Are Essential to Thwarting Zero-Day Attacks Machine-learning algorithms alone may miss signs of a successful attack on your organization. MORE FROM BLACK HAT
Why Bug-Bounty Programs Are Failing Everyone In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes. Large Language AI Models Have Real Security Benefits Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities, such as explaining malware and quickly classifying websites, researchers find. How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT. MORE NEWS / MORE COMMENTARY | | |
| | | NEWS FROM BLACK HAT | | Dark Reading News Desk: Live at Black Hat USA 2022 TODAY at 10 PT: Dark Reading News Desk returns to Black Hat USA 2022 Looking Back at 25 Years of Black Hat The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy. New HTTP Request Smuggling Attacks Target Web Browsers Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says. Stolen Data Gives Attackers Advantage Against Text-Based 2FA With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place. Russia-Ukraine Conflict Holds Cyberwar Lessons Initial attacks used damaging wiper malware and targeted infrastructure, but the most enduring impacts will likely be from disinformation, researchers say. At Black Hat USA, SentinelOne's Juan Andres Guerrero-Saade and Tom Hegel will discuss. Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE. Abusing Kerberos for Local Privilege Escalation Upcoming Black Hat USA presentation will examine the implications of Kerberos weaknesses for security on the local machine. Cyberattackers Increasingly Target Cloud IAM as a Weak Link At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers. How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT. Stolen Data Gives Attackers Advantage Against Text-Based 2FA With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place. Cyberattackers Increasingly Target Cloud IAM as a Weak Link At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers. |
|
| | | | | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
