Dark Reading Daily -- August 24, 2022

Follow Dark Reading:

August 24, 2022

LATEST SECURITY NEWS & COMMENTARY

Mudge Blows Whistle on Alleged Twitter Security Nightmare

Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.

One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious

The scans used by the Python Package Index (PyPI) to find malware fail to catch 41% of bad packages, while creating plentiful false positives.

Charming Kitten APT Wields New Scraper to Steal Email Inboxes

Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials.

DevSecOps Gains Traction — but Security Still Lags

Almost half of teams develop and deploy software using a DevSecOps approach, but security remains the top area of investment, a survey finds.

Thoma Bravo Buying Spree Highlights Hot Investor Interest in IAM Market

M&A activity in the identity and access management (IAM) space has continued at a steady clip so far this year.

Facing the New Security Challenges That Come With Cloud

Organizations relying on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities do so at their peril.

Apathy Is Your Company's Biggest Cybersecurity Vulnerability — Here's How to Combat It

Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect.

(Sponsored Article) For Penetration Security Testing, Alternative Cloud Offers Something Others Don't

Alternative cloud providers offer streamlined capabilities for penetration testing, including more accessible tools, easy deployment, and affordable pricing.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims. Identity Security Pain Points and What Can Be Done Replacing passwords is not as easy as people think, but there is hope. China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access. MORE

EDITORS' CHOICE

Patch Now: 2 Apple Zero-Days Exploited in Wild

The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heightens the need for a quick response.

LATEST FROM THE EDGE

Meta Takes Offensive Posture With Privacy Red Team

Engineering manager Scott Tenaglia describes how Meta extended the security red team model to aggressively protect data privacy.

LATEST FROM DR TECHNOLOGY

Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST

A month after the algorithms were revealed, some companies have already begun incorporating the future standards into their products and services.

WEBINARS

Using Identity & Access Management to Improve Cyber Defense
End user credentials have become a central target for online attackers, enabling them to navigate your enterprise systems as trusted users. As online attackers target these credentials and end users seek to gain access to a wider variety of applications ...
Malicious Bots: What Enterprises Need to Know
Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ...

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

6 Elements of a Solid IoT Security Strategy
Incorporating a Prevention Mindset into Threat Detection and Response
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Secure Code Warrior Spotlights the Importance of Developer Security Skills with 2nd Annual Devlympics Competition

Coalfire Federal Among First Authorized to Conduct CMMC Assessments

Novant Health Notifies Patients of Potential Data Privacy Incident

Sophos Identifies Potential Tag-Team Ransomware Activity

MORE PRODUCTS & RELEASES

CURRENT ISSUE

Black Hat USA 2022 Attendee Report
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.