 August 04, 2022
LATEST SECURITY NEWS & COMMENTARY
Why Bug-Bounty Programs Are Failing Everyone
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.
Massive New Phishing Campaign Targets Microsoft Email Service Users
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection.
Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks
SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more.
Thousands of Mobile Apps Leaking Twitter API Keys
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.
APT-Like Phishing Threat Mirrors Landing Pages
By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.
School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project
The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times.
Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info
The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository.
1,000s of Phishing Attacks Blast Off From InterPlanetary File System
The peer-to-peer network IPFS offers an ingenious base for cyberattacks and is seeing a stratospheric increase in malicious hosting.
5 Ways Chess Can Inspire Strategic Cybersecurity Thinking
Rising interest in chess may feed the next generation of cybersecurity experts.
What Women Should Know Before Joining the Cybersecurity Industry
Three observations about our industry that might help demystify security for women entrants.
Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk
To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control.
Patch Now: Atlassian Confluence Bug Under Active Exploit
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.
Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat
Customers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company.
HOT TOPICS
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More
Dark Reading's digest of other "don't-miss" stories of the week — including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.

3 Tips for Creating a Security Culture
Trying to get the whole organization on board with better cybersecurity is much tougher than it may sound.

For Big Tech, Neutrality Is Not an Option — and Never Really Was
Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out.

EDITORS' CHOICE
Chromium Browsers Allow Data Exfiltration via Bookmark Syncing
"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.
LATEST FROM THE EDGE

Why Layer 8 Is Great
To help discern legitimate traffic from fraud, it helps to understand user intent as shown through their behavior.
LATEST FROM DR TECHNOLOGY

Large Language AI Models Have Real Security Benefits
Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities, such as explaining malware and quickly classifying websites, researchers find.
WEBINARS
  • Malicious Bots: What Enterprises Need to Know

    Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ...

  • Assessing Cyber Risk

    Top executives often ask, "how safe are we from a cyber breach?" But it can be difficult to quantitatively measure cyber risk, and even harder to assess your organization's attack surface. In this webinar, you'll learn how to evaluate your ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA