 July 30, 2024
LATEST SECURITY NEWS & COMMENTARY
OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover
An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.
Patch Now: ServiceNow Critical RCE Bugs Under Active Exploit
One threat actor claims to have already gathered email addresses and associated hashes from more than 110 remote IT management databases.
China-Backed Phishing Attack Targets India Postal System Users
A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.
Microsoft Lowballs CrowdStrike Outage Impact
Microsoft says that its initial estimate of 8.5 million PCs affected was only a subset of the affected number of machines in the crash.
'Zeus' Hacker Group Strikes Israeli Olympic Athletes in Data Leak
Security presence has been heightened in Paris to ensure that the Games are safe, and Israeli athletes have been provided with even more protection.
7 Sessions Not to Miss at Black Hat USA 2024
This year's conference will be a treasure trove of insights for cybersecurity professionals.
HOT TOPICS
Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue
Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place.

CrowdStrike Outage Losses Estimated at a Staggering $5.4B
Researchers track the healthcare sector as experiencing the biggest financial losses, with banking and transportation following close behind.

Distributing Security Responsibilities (Responsibly)
Outlining the wider organization's proactive role in fortifying the security program allows the security team to focus on the most pressing issues that only they can solve.

Targeted PyPI Package Steals Google Cloud Credentials from macOS Devs
The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.

Make Your Voice Heard!
Tell Dark Reading about your cybersecurity budget challenges and concerns, such as a rise in cyberattacks, ransomware, or attacks on software supply chains and partners. Take our survey, and you could win a $50 Amazon gift card. We'll be giving away 10 cards through a random drawing. Thank you and good luck!

LATEST FROM THE EDGE

NVD Backlog Continues to Grow
Despite getting help, NIST is not keeping up with new vulnerability reports for the National Vulnerability Database, according to an analysis from Fortress Information Security.
LATEST FROM DR TECHNOLOGY

Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update
The cybersecurity firm says that 97% of sensors are back online, but some organizations continue to recover, with costs tallied at $5.4 billion for the Fortune 500 alone.
LATEST FROM DR GLOBAL

Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank
DDoS cyberattack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA