CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools

Klicken Sie hier, um Informationweek.com zu abonnieren

Kategorien: Dienstleistungen | Professionals Geschäftswaren Finanziell Kantoor Marketing Einzelhandel Einzelhandel Industrie Machines Alter: 14 - 18 Jahr 19 - 30 Jahr 31 - 64 Jahre

Laden...

1 jahr vor

Html
Text

High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it.

Follow Dark Reading:

January 17, 2023

LATEST SECURITY NEWS & COMMENTARY

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it. Java, .NET Developers Prone to More Frequent Vulnerabilities About three-quarters of Java and .NET applications have vulnerabilities from the OWASP Top 10 list, while only 55% of JavaScript codebases have such flaws, according to testing data. Norton LifeLock Warns on Password Manager Account Compromises Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse. Malware Comes Standard With This Android TV Box on Amazon The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted. Sneaky New Stealer Woos Corporate Workers Through Fake Zoom Downloads Rhadamanthys spreads through Google Ads that redirect to bogus download sites for popular workforce software — as well as through more typical malicious emails. Fast-Track Secure Development Using Lite Threat Modeling Establish clear and consistent processes and standards to scale lite threat modeling's streamlined approach across your organization. Securing the World's Energy Systems: Where Physical Security and Cybersecurity Must Meet Energy has become the new battleground for both physical and cyber security warfare, driven by nation-state actors, increasing financial rewards for ransomware gangs and decentralized devices. Chris Price reports. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Kubernetes-Related Security Projects to Watch in 2023 Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes. Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity A security vendor's investigation of infrastructure associated with a new, crypto-focused Magecart skimmer leads to discovery of cryptoscam sites, malware distribution marketplace, Bitcoin mixers, and more. $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims In the ad, cybercriminals are offering to sell employee-level access to Telegram, researchers warn. MORE

EDITORS' CHOICE

Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks Current defenses are able to protect against today's AI-enhanced cybersecurity threats, but that won't be the case for long as these attacks become more effective and sophisticated. LATEST FROM THE EDGE
Why Mean Time to Repair Is Not Always A Useful Security Metric Analyzing and learning from incidents is the ideal path to finding more insightful data and metrics, according to the VOID report. LATEST FROM DR TECHNOLOGY
Software Supply Chain Security Needs a Bigger Picture SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the software supply chain.

WEBINARS

Rethinking Authentication: MFA, Passwordless, Certificates, and More

Today's data protection requires stronger, better authentication. What does going beyond passwords look like? What are some of the latest strategies around authentication and authorization? What is continuous authentication and what would it look like in your organization? What kind ...

Detecting, Analyzing, and Mitigating Targeted Attacks

For many security professionals, the nightmare scenario keeping them awake at night is a sophisticated, targeted attack aimed directly at their own organization and its specific defenses. In this webinar, experts describe the type of tools and processes necessary to ...

View More Dark Reading Webinars >>

WHITE PAPERS

How Machine Learning, AI & Deep Learning Improve Cybersecurity State of Email Security Ransomware Resilience and Response: The Next-Generation Ransomware Is On The Rise State of Ransomware Readiness: Facing the Reality Gap How Hybrid Work Fuels Ransomware Attacks

View More White Papers >>

FEATURED REPORTS

10 Hot Talks From Black Hat USA 2022

Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

How Machine Learning, AI & Deep Learning Improve Cybersecurity

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Cloudflare Wins CISA Contract for Registry and Authoritative Domain Name System (DNS) Services Darktrace Publishes 2022 Cyberattack Trend Data For Energy, Healthcare & Retail Sectors Globally Cloudflare Expands Relationship With Microsoft SailPoint Acquires SecZetta to Provide Identity Security for Non-Employee Identities MORE PRODUCTS & RELEASES

CURRENT ISSUE

The Promise and Reality of Cloud Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Teilen auf

Laden...

Weitere Newsletter von Informationweek.com

Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network Informationweek.com
Vor 8 Stunden
Tell Us About Security in Application Development Informationweek.com
Vor 9 Stunden
Cisco Fuels McLaren F1 Team’s World Championship Pursuit Informationweek.com
Vor 9 Stunden

Weitere Newsletter von Informationweek.com

Laden...

Andere Kategorien anzeigen

Dienstleistungen | Professionals Geschäftswaren Finanziell Kantoor Marketing Einzelhandel Einzelhandel Industrie Machines

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools

The Promise and Reality of Cloud Security

Teilen auf

Weitere Newsletter von Informationweek.com

Verwandte Newsletter

Andere Kategorien anzeigen