Dark Reading Daily -- September 20, 2022

Follow Dark Reading:

September 20, 2022

LATEST SECURITY NEWS & COMMENTARY

Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack

The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.

Rockstar Games Confirms 'Grand Theft Auto 6' Breach

The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.

Cyberattack Costs for US Businesses up by 80%

Cyberattacks keep inflicting more expensive damage, but firms are responding decisively to the challenge.

Cyberattackers Make Waves in Hotel Swimming Pool Controls

Pool controllers exposed to the Internet with default passwords let threat actors tweak pool pH levels, and potentially more.

(Sponsored Article) Will the Cloud End the Endpoint?

When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Hacker Pwns Uber Via Compromised VPN Account A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories. Business Application Compromise & the Evolving Art of Social Engineering Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense. Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch. MORE

EDITORS' CHOICE

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

LATEST FROM THE EDGE

5 Ways to Improve Fraud Detection and User Experience

If we know a user is legitimate, then why would we want to make their user experience more challenging?

LATEST FROM DR TECHNOLOGY

CrowdStrike Investment Spotlights API Security

The investment in Salt Security underscores the fact that attacks targeting APIs are increasing.

WEBINARS

Emerging Cyber Vulnerabilities That Every Enterprise Should Know About
Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest-and potentially most impactful-vulnerabilities that have been discovered/...
Manage Your Unmanaged Cloud Attack Surface
Have recent events forced your organization to accelerate your digital transformation projects? With IT, DevOps and security teams running at redline, attackers are constantly looking for configuration mistakes or vulnerabilities to exploit. While many security teams have worked to develop ...

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

6 Elements of a Solid IoT Security Strategy
Incorporating a Prevention Mindset into Threat Detection and Response
Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal
With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

TPx Introduces Penetration Scanning, Expands Security Advisory Services

Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security

MORE PRODUCTS & RELEASES

CURRENT ISSUE

The State of Supply Chain Threats
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

The State of Supply Chain Threats