LATEST SECURITY NEWS & COMMENTARY

Microsoft Patch Tuesday Puts Spotlight on Windows Print Spooler
Three of the 44 vulnerabilities patched today exist in Windows Print Spooler, a primary focus of security fixes over the past few months.

14 Vulnerabilities Found in Widely Used TCP/IP Stack
"Infra:Halt" flaws in NicheStack impact potentially millions of devices used in OT and industrial control system environments, analysts say.

CISA Launches JCDC, the Joint Cyber Defense Collaborative
"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA on Thursday.

Misconfigured Salesforce Communities Place Orgs at Risk of Data Theft, Adversary Recon
Organizations often inadvertently let unauthenticated guests have access to a lot more data within these communities than they should, security vendor says.

Attacks Leveraging Open Redirects on Google Meet, DoubleClick Surge
Phishing operators took advantage of the issue to redirect victims to malicious websites.

FragAttacks Foil 2 Decades of Wireless Security
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.

Researchers Call for 'CVE' Approach for Cloud Vulnerabilities
New research suggests isolation among cloud customer accounts may not be a given — and the researchers behind the findings issue a call to action for cloud security.

Incident Responders Explore Microsoft 365 Attacks in the Wild
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.

Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.

Black Hat News
In case you missed Black Hat USA or just some of the Briefings, check out Dark Reading's comprehensive coverage.

Why It's Time for Cybersecurity to Go Mainstream
Improving cybersecurity must be a collective effort. Here are three achievable steps the government, private sector, and broader public can take to make a difference now.

Mind Over Matter: Revamping Security Awareness With Psychology
Despite the prevalence of employee-centric attacks, most organizations spend less than 5% of their security budgets on people.

In Attack Surface Management, It's What You Don't See That Can Sink You
To fully protect your organization, you need to go deep and discover the risky IT assets, networks, and environments you don't yet know about.

Top 5 Techniques Attackers Use to Bypass MFA
Like other protective measures, multifactor authentication isn't failsafe or foolproof.

The Misunderstood Security Risks of Behavior Analytics, AI & ML
By separating the hype from reality, the risks of relying on AI and ML to identify security threats become clear.

Action Bias: The Danger of Thinking Too Quickly
Security pros are advised to act quickly in crises, but hastily made decisions may do more harm than good.

New Framework Aims to Detect & Address Synthetic Media Social Engineering
Cybercriminals have adopted synthetic media to launch increasingly complex and realistic social engineering attacks in recent years, and FBI officials warn the threat is poised to grow.

How Threat Analysts Learned from Attackers' OpSec Mistakes
In targeting executives at a COVID research firm, state-sponsored threat group ITG18 made some mistakes. Here's how IBM X-Force used that to their advantage.

New Android Malware Infects Thousands of Facebook Accounts
The FlyTrap Trojan has spread to more than 10,000 victims via social media hijacking, third-party app stores, and sideloaded applications.

Dark Reading Weekly -- Published By Dark Reading Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107