PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks

Klicken Sie hier, um Informationweek.com zu abonnieren

Kategorien: Dienstleistungen | Professionals Geschäftswaren Finanziell Kantoor Marketing Einzelhandel Einzelhandel Industrie Machines Alter: 14 - 18 Jahr 19 - 30 Jahr 31 - 64 Jahre

Laden...

1 jahr vor

Html
Text

Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, the vendor says.

Follow Dark Reading:

August 17, 2023

LATEST SECURITY NEWS & COMMENTARY

PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, the vendor says. Cyber Defenders Lead the AI Arms Race for Now Cyberattackers are slow to implement AI in their attack chains, according to Mandiant's analysis. QR Code Phishing Campaign Targets Top US Energy Company Attackers sent more than 1,000 emails with 2FA, MFA, and other security-related lures aimed at stealing Microsoft credentials. Mirai Common Attack Methods Remain Consistent, Effective While relatively unchanged, the notorious IoT botnet still continues to drive DDoS. Insurance Data Breach Victims File Class-Action Suit Against Law Firm This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data. Boards Don't Want Security Promises — They Want Action CISOs must demonstrate that security processes and updates reduce risk in measurable ways. Put emphasis on action, get the basics right, and improve processes. (Sponsored Article) How to Put the Sec in DevSecOps Learn the importance of adding security practices into DevOps life cycles and how to make security stronger. MORE NEWS / MORE COMMENTARY


HOT TOPICS
What's New in the NIST Cybersecurity Framework 2.0 Update to the NIST framework adds new "govern" function for cybersecurity. How & Why Cybercriminals Fabricate Data Leaks A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks. 3 Major Email Security Standards Prove Too Porous for the Task Nearly 90% of malicious emails manage to get past SPF, DKIM, or DMARC, since threat actors are apparently using the same filters as legitimate users. 5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources. MORE

EDITORS' CHOICE

Microsoft Cloud Security Woes Inspire DHS Security Review Can the government help fix what's wrong in cloud security? An upcoming investigation is going to try. LATEST FROM THE EDGE
Citrix ADC, Gateways Still Backdoored, Even After Being Patched Even after updating Citrix networking appliances to address the critical vulnerability, enterprise defenders have to check each one to ensure they have not already been compromised. LATEST FROM DR TECHNNOLGY
New LLM Tool Seeks and Remediates Vulnerabilities Vicarius launches vuln_GPT, which it says will generate and execute scripts to ameliorate flaws such as the TETRA backdoor. LATEST FROM DR GLOBAL
The Gulf's Dizzying Tech Ambitions Present Risk & Opportunity Threats and opportunities are abound for the UAE and Gulf states, so can they deal with being a cybersecurity stronghold?

WEBINARS

Protecting the Database: How to Secure Your Enterprise Data

For many enterprises, the "crown jewels" are found in their database applications - virtual "crown jewels" of data in traditional database applications that are often linked to the Internet. What are the chief threats to today's databases? How can you ...

Implementing Zero-Trust With A Remote Workforce

The shift to remote work and a distributed workforce model highlighted the importance of the zero-trust model for organizations. Corporate endpoint devices are no longer protected behind the enterprise perimeter, connect to routers with unknown levels of security, and share ...

View More Dark Reading Webinars >>

WHITE PAPERS

9 Traits You Need to Succeed as a Cybersecurity Leader The Ultimate Guide to the CISSP Rediscovering Your Identity 2023 Global Future of Cyber Report Cybersecurity in a post pandemic world: A focus on financial services Cybersecurity in 2023 and beyond: 12 leaders share their forecasts Know your customer: Enable a 360-degree view with customer identity & access management

View More White Papers >>

FEATURED REPORTS

How to Use Threat Intelligence to Mitigate Third-Party Risk

The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

Successfully Managing Identity in Modern Cloud and Hybrid Environments

Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Beyond Identity Launches Passkey Adoption Tool, The Passkey Journey 67% of Federal Government Agencies Are Confident in Meeting Zero Trust Executive Order Deadline Dig Security State of Cloud Data Security 2023 Report Finds Exposed Sensitive Data in More Than 30% of Cloud Assets Call for Applications Open for DataTribe's Sixth Annual Cybersecurity Startup Challenge MORE PRODUCTS & RELEASES

CURRENT ISSUE

How Supply Chain Attacks Work, and How to Stop Them
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Teilen auf

Laden...

Weitere Newsletter von Informationweek.com

Achieving Optimal Security Outcomes Through Platformization Informationweek.com
Gestern um 16:31
FEATURES EDITION | Microsoft Highlights Security Exposure Management at Ignite Informationweek.com
Gestern um 14:31
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant Informationweek.com
Letzten Freitag um 14:04

Weitere Newsletter von Informationweek.com

Laden...

Andere Kategorien anzeigen

Dienstleistungen | Professionals Geschäftswaren Finanziell Kantoor Marketing Einzelhandel Einzelhandel Industrie Machines

PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks

How Supply Chain Attacks Work, and How to Stop Them

Teilen auf

Weitere Newsletter von Informationweek.com

Verwandte Newsletter

Andere Kategorien anzeigen