Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.
Follow Dark Reading:
 June 26, 2023
LATEST SECURITY NEWS & COMMENTARY
Microsoft Teams Attack Skips the Phish to Deliver Malware Directly
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.
NSA: BlackLotus BootKit Patching Won't Prevent Compromise
It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.
Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking
Many organizations are unwittingly exposing users of their code repositories to repojacking when renaming projects, a new study shows.
Deception Technologies Have a Maturity Problem
While there's plenty of upside to rolling out deception technologies, it's not clear if cybersecurity leaders — or their organizations — are ready for them.
Black Hat Asia 2023: Cybersecurity Maturity and Concern in Asia
Black Hat Asia 2023 showed that cybersecurity is nascent among organizations in Asia with opportunities for improvement.
How Government Contractors & Agencies Should Navigate New Cyber Rules
The impending regulations highlight the increasing importance of enhanced network security and regulatory compliance across the government sector.
Suspicious Smartwatches Mailed to US Army Personnel
Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.
(Sponsored Article) How Active Directory Bridging Extends Security Automation to Hybrid IT Environments
AD bridging extends the reach of your AD domain to non-Windows systems, providing centralized security, single sign-on, and compliance.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.

Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

5 Steps for Minimizing Dark Data Risk
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.

MORE
EDITORS' CHOICE
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
LATEST FROM DR TECHNOLOGY

ITDR Combines and Refines Familiar Cybersecurity Approaches
Identity threat detection and response adds user entity behavioral analytics to fraud detection, creating a powerful tool for real-time protection.
LATEST FROM THE EDGE

Why Legacy System Users Prioritize Uptime Over Security
For line-of-business execs, the fear of mission-critical systems grinding to a halt overrides their cybersecurity concerns. How can CISOs overcome this?
LATEST FROM DR GLOBAL

South African Female Students Offered Cyber Scholarship
Women of color are being offered a scholarship opportunity in South Africa — the offer will cover costs for pursuing a cyber career and encourage greater diversity of those studying cybersecurity courses.
WEBINARS
  • Finding a Backup Strategy That Works For You

    You've been hit with a ransomware, DDoS, natural disaster, or destructive cyberattack. One of the first questions: can we get our data back? Good back-ups are key to business continuity and disaster recovery, but backing up your data in preparation ...

  • Making Sense of Security Operations Data

    Most security operations centers aren't suffering from not having enough data- they have too much. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that your SOC team is focusing on the ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • How to Use Threat Intelligence to Mitigate Third-Party Risk

    The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

  • Successfully Managing Identity in Modern Cloud and Hybrid Environments

    Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Silobreaker Unveils Geopolitical Threat Intelligence Capabilities With RANE at Infosecurity Europe 2023
Airgap Networks Acquires NetSpyGlass
Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors
Sumsub Launches Advanced Deepfakes Detector
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How to Use Threat Intelligence to Mitigate Third-Party Risk
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us