Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says
| | | LATEST SECURITY NEWS & COMMENTARY | | Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says. Microsoft to Block Excel Add-ins to Stop Office Exploits The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code. Attackers Crafted Custom Malware for Fortinet Zero-Day The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China. Compromised Zendesk Employee Credentials Lead to Breach Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce. North Korea's Top APT Swindled $1B From Crypto Investors in 2022 The DPRK has turned crypto scams into big business to replenish its depleted state coffers. PayPal Breach Exposed PII of Nearly 35K Accounts The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data. EmojiDeploy Attack Chain Targets Misconfigured Azure Service Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system. T-Mobile Breached Again, This Time Exposing 37M Customers' Data This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported. Zacks Investment Research Hack Exposes Data for 820K Customers Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com. Name That Toon: Poker Hand Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Hunting Insider Threats on the Dark Web Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats. The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure. Chat Cybersecurity: AI Promises a Lot, but Can It Deliver? Machine learning offers great opportunities, but it still can't replace human experts. Security and the Electric Vehicle Charging Infrastructure When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty. Log4j Vulnerabilities Are Here to Stay — Are You Prepared? Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset. ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks. MORE NEWS / MORE COMMENTARY | | |
| | | | | WEBINARS | | Shoring Up the Software Supply Chain Across Enterprise Applications Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ... Deciphering the Hype Around XDR Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ... | | View More Dark Reading Webinars >> |
|
| | | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
