The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp.
Follow Dark Reading:
 September 01, 2022
LATEST SECURITY NEWS & COMMENTARY
Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack
The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp.
Google Fixes 24 Vulnerabilities With New Chrome Update
But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.
LastPass Suffers Data Breach, Source Code Stolen
Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later.
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.
Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack
The ongoing campaign is spreading worldwide, using the lure of a fully functional Google Translate application for desktops that has helped the threat stay undetected for months.
Cyber-Insurance Firms Limit Payouts, Risk Obsolescence
Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.
Phishing Campaign Targets PyPI Users to Distribute Malicious Code
The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process.
Google Expands Bug Bounties to Its Open Source Projects
The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects — with a focus on critical software such as Go and Angular.
Malicious Chrome Extensions Plague 1.4M Users
Analysts find five cookie-stuffing extensions, including one that's Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments.
James Webb Telescope Images Loaded With Malware Are Evading EDR
New Golang cyberattacks use deep space images and a new obfuscator to target systems — undetected.
OpenText Goes All-in on Cybersecurity Size and Scale With Micro Focus Purchase
OpenText makes a $6 billion bet that bigger is better in security and that cybersecurity platform plays are the future.
The 3 Questions CISOs Must Ask to Protect Their Sensitive Data
CISOs must adopt a new mindset to take on the moving targets in modern cybersecurity.
What You Need to Know About the Psychology Behind Cyber Resilience
Understanding how and why people respond to cyber threats is key to building cyber-workforce resilience.
Building a Strong SOC Starts With People
A people-first approach reduces fatigue and burnout, and it empowers employees to seek out development opportunities, which helps retention.
The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks
While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.)
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Security Culture: An OT Survival Story
The relationship between information technology and operational technology will need top-down support if a holistic security culture is to truly thrive.

How DevSecOps Empowers Citizen Developers
DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments.

MORE
EDITORS' CHOICE
Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack
SolarWinds CISO Tim Brown explains how organizations can prepare for eventualities like the nation-state attack on his company’s software.
LATEST FROM THE EDGE

Expiring Root Certificates Threaten IoT in the Enterprise
What happens when businesses' smart devices break? CSOs have things to fix beyond security holes.
LATEST FROM DR TECHNOLOGY

'No-Party' Data Architectures Promise More Control, Better Security
Consumers gain control of their data while companies build better relationships with their customers — but third-party ad-tech firms will likely continue to stand in the way.
WEBINARS
  • Manage Your Unmanaged Cloud Attack Surface

    Have recent events forced your organization to accelerate your digital transformation projects? With IT, DevOps and security teams running at redline, attackers are constantly looking for configuration mistakes or vulnerabilities to exploit. While many security teams have worked to develop ...

  • Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them

    Advancements in artificial intelligence technology and machine learning and deep learning algorithms promise to transform enterprise security by giving IT security teams tools to detect and respond to attacks faster than before. Before security teams can use these tools, they ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
(ISC)² Opens Global Enrollment for '1 Million Certified in Cybersecurity' Initiative
SecureAuth Announces General Availability of Arculix, Its Next-Gen Passwordless, Continuous-Authentication Platform
Cerberus Sentinel Announces Acquisition of CUATROi
Cohesity Research Reveals that Reliance on Legacy Technology Is Undermining How Organizations Respond to Ransomware
Endpoint Protection / Antivirus Products Tested for Malware Protection
Capital One Joins Open Source Security Foundation
ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users
Wyden Renews Call to Encrypt Twitter DMs, Secure Americans' Data From Unfriendly Foreign Governments
MORE PRODUCTS & RELEASES
CURRENT ISSUE

The State of Supply Chain Threats
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us