LATEST SECURITY NEWS & COMMENTARY

Why Bug-Bounty Programs Are Failing Everyone
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.

Massive New Phishing Campaign Targets Microsoft Email Service Users
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication and evade detection.

Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks
SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more.

Thousands of Mobile Apps Leaking Twitter API Keys
The new finding comes amid a report of an overall surge in threats targeting mobile and IoT devices over the past year.

APT-Like Phishing Threat Mirrors Landing Pages
By dynamically mirroring an organization's login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project
The malware packages had names that were common typosquats of a legitimate, widely used Python library. One was downloaded hundreds of times.

Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info
The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository.

1,000s of Phishing Attacks Blast Off From InterPlanetary File System
The peer-to-peer network IPFS offers an ingenious base for cyberattacks and is seeing a stratospheric increase in malicious hosting.

5 Ways Chess Can Inspire Strategic Cybersecurity Thinking
Rising interest in chess may feed the next generation of cybersecurity experts.

What Women Should Know Before Joining the Cybersecurity Industry
Three observations about our industry that might help demystify security for women entrants.

Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk
To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control.

Patch Now: Atlassian Confluence Bug Under Active Exploit
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.

Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat
Customers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company.
WEBINARS

Malicious Bots: What Enterprises Need to Know
Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ...

Assessing Cyber Risk
Top executives often ask, "how safe are we from a cyber breach?" But it can be difficult to quantitatively measure cyber risk, and even harder to assess your organization's attack surface. In this webinar, you'll learn how to evaluate your ...
Dark Reading Weekly -- Published by Dark Reading, Informa Tech Holdings LLC. Registered in the United States with number 7418737. 605 Third Ave., 22nd Floor, New York, New York 10158, USA