Reddit Hack Shows Limits of MFA, Strengths of Security Training

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

1 year ago

Html
Text

A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.

Follow Dark Reading:

February 13, 2023

LATEST SECURITY NEWS & COMMENTARY

Reddit Hack Shows Limits of MFA, Strengths of Security Training A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security. Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience. Trickbot Members Sanctioned for Pandemic-Era Ransomware Hits The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests. MagicWeb Mystery Highlights Nobelium Attacker's Sophistication The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says. Malicious Game Mods Target Dota 2 Game Users Valve's unpatched JavaScript engine and incomplete modification vetting process for Steam-delivered mods led to user systems being backdoored. Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together Bridging the divide between developers and security can create a culture change organically. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Phishing Surges Ahead, as ChatGPT & AI Loom AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names. Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well. NewsPenguin Goes Phishing for Maritime & Military Secrets A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year. In Perfect Harmony: Cybersecurity Regulation Harmonization By simplifying compliance management, security and risk teams can focus on managing operational risk, not compliance risk — and better counter threats. MORE

EDITORS' CHOICE

7 Critical Cloud Threats Facing the Enterprise in 2023 From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon. LATEST FROM THE EDGE
5 Ways to Survive Scam Season — or Rather, Tax Season Security pros need to look beyond user education to find and disarm fraudulent actors. LATEST FROM DR TECHNOLOGY
Cloud Apps Still Demand Way More Privileges Than They Use Hackers can't steal a credential that doesn't exist.

WEBINARS

Shoring Up the Software Supply Chain Across Enterprise Applications

Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ...

Deciphering the Hype Around XDR

Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ...

View More Dark Reading Webinars >>

WHITE PAPERS

How Machine Learning, AI & Deep Learning Improve Cybersecurity State of Email Security Ransomware Resilience and Response: The Next-Generation Ransomware Is On The Rise State of Ransomware Readiness: Facing the Reality Gap

View More White Papers >>

FEATURED REPORTS

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

10 Hot Talks From Black Hat USA 2022

Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...

How Machine Learning, AI & Deep Learning Improve Cybersecurity

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Integreon Launches Cyber Incident Response Offering with Development of AI-Based Review and Integration of RadarFirst SynSaber Releases ICS CVE Retrospective: 3 Years of CISA Advisories Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools MORE PRODUCTS & RELEASES

CURRENT ISSUE

The Promise and Reality of Cloud Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Cisco Report: Enterprises Ill-prepared to Realize AI’s Potential Informationweek.com
Yesterday at 16:31
Ransomware Attack on Blue Yonder Hits Starbucks, Supermarkets | Fancy Bear's Nearest Neighbor Uses Nearby Wi-Fi Network Informationweek.com
Yesterday at 18:44
How to Create an Accurate IT Project Timeline Informationweek.com
Last Wednesday at 16:01

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines