Dark Reading Daily -- October 30, 2023

Follow Dark Reading:

October 30, 2023

LATEST SECURITY NEWS & COMMENTARY

Safari Side-Channel Attack Enables Browser Theft

The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.

Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic

The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.

Hacktivist Activity Related to Gaza Conflict Dwindles

Groups have fallen silent after bold claims of action at the start of the conflict.

What Lurks in the Dark: Taking Aim at Shadow AI

Generative artificial intelligence tools have unleashed a new era of terror to CISOs still battling longstanding shadow IT security risks.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
'Log in with...' Feature Allows Full Online Account Takeover for Millions Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems. 1Password Becomes Latest Victim of Okta Customer Service Breach Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements. What Would a Government Shutdown Mean for Cybersecurity? Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too. Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors. MORE

EDITORS' CHOICE

Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status

The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.

LATEST FROM THE EDGE

10 Tips for Security Awareness Training That Hits the Target

Try these tricks for devising an education program that gets employees invested — and stays with them after the training is over.

LATEST FROM DR TECHNOLOGY

What the Bionic Acquisition Can Bring to CrowdStrike

CrowdStrike is moving deeper into application security with its agreement to acquire Bionic, provider of ASPM technology that proactively scans software in production for vulnerabilities.

LATEST FROM DR GLOBAL

Iran APT Targets the Mediterranean With Watering-Hole Attacks

Nation-state hackers are using hybrids to ensnare those in the maritime, shipping, and logistics industries.

WEBINARS

Modern Threats, Modern Security: 3 Practical Tips for CISOs to Stop Cyber Threats in the Age of AI
Join our Cloudflare security experts as they share advice on how modernize your threat defense and highlight: --Trends in cybersecurity like the emergence of AI, multi-channel attacks, and cybercrime-as-a-service --Practical threat defense use cases based on recent cyberattacks and customer ...
Building an Effective Active Directory Security Strategy
For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ...

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Healey-Driscoll Awards $2.3M to CyberTrust Massachusetts to Strengthen Municipal Cybersecurity Efforts

Cranium Announces $25 Million in Series A Funding to Secure AI

SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear

Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time

MORE PRODUCTS & RELEASES

CURRENT ISSUE

Key DevSecOps Principles for Enterprise Mobile App Development
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.