Dark Reading:

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Dark Reading:

Tackling Financial Fraud With Machine Learning

Financial services firms need to learn how — and when — to put machine learning to use.

Dark Reading:

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.

Dark Reading:

Keep Today's Encrypted Data From Becoming Tomorrow's Treasure

Building quantum resilience requires C-suite commitment, but it doesn't have to mean tearing out existing infrastructure.

Dark Reading:

DDoS Attack Against Eastern Europe Target Sets New Record

The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe.

Dark Reading:

Hacker Pwns Uber Via Compromised VPN Account

A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.

Dark Reading:

Highlights of the 2022 Pwnie Awards

Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony.

Dark Reading:

Business Application Compromise & the Evolving Art of Social Engineering

Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.

Dark Reading:

Note to Security Vendors: Companies Are Picking Favorites

A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition among cybersecurity vendors.

Dark Reading:

Malware on Pirated Content Sites a Major WFH Risk for Enterprises

Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites — posing a real risk to enterprises from remote employees.

Dark Reading:

Will the Cloud End the Endpoint?

When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.

Dark Reading:

Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.

Dark Reading:

5 Steps to Strengthening Cyber Resilience

Organizations are thinking about their cyber resilience. Here are five steps security teams should take.

Dark Reading:

Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government

Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.

Dark Reading:

Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security

Solution addresses compliance challenges in complex landscapes

Dark Reading:

5 Best Practices for Building Your Data Loss Prevention Strategy

The entire security team should share in the responsibility to secure sensitive data.

Dark Reading:

Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management

Oversubscribed round validates company's data-first approach to solving cloud security and privacy issues for global businesses thwarting data breaches and ransomwar

Dark Reading:

Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.

Dark Reading:

White House Guidance Recommends SBOMs for Federal Agencies

New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.

Dark Reading:

How to Use SSH Keys and 1Password to Sign Git Commits

This Tech Tip walks through the steps to set up signed commits with SSH keys stored in 1Password.

Dark Reading:

SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign

Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware.

Dark Reading:

To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline

With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background.

Dark Reading:

Cyberattacks Are Now Increasingly Hands-On, Break Out More Quickly

Interactive intrusion campaigns jumped nearly 50%, while the breakout time between initial access and lateral movement shrank to less than 90 minutes, putting pressure on defenders to react quickly.

Dark Reading:

TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls

Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.

Dark Reading:

Key Takeaways From the Twitter Whistleblower's Testimony

Twitter did not know what data it had or who had access to it, Peiter "Mudge" Zatko told Congressional lawmakers during a Senate panel hearing.

Dark Reading:

Bishop Fox Releases Cloud Enumeration Tool CloudFox

CloudFox is a command-line tool that helps penetration testers understand unknown cloud environments.

Dark Reading:

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

Dark Reading:

U-Haul Customer Contract Search Tool Compromised

Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.

Dark Reading:

ShadowPad Threat Actors Return With Fresh Government Strikes, Updated Tools

Cyber spies are using legitimate apps for DLL sideloading, deploying an updated range of malware, including the new "Logdatter" info-stealer.

Dark Reading:

Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign

Facebook lead-generation forms are being repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers.

Dark Reading:

Name That Toon: Shiver Me Timbers!

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Dark Reading:

Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes

Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk

Dark Reading:

Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data

.

Dark Reading:

Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems

The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.

Dark Reading:

Business Security Starts With Identity

How identity-centric security can support business objectives.

Dark Reading:

Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022

.

Dark Reading:

Attackers Can Compromise Most Cloud Data in Just 3 Steps

An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.

Dark Reading:

How Machine Learning Can Boost Network Visibility for OT Teams

Opswat says its new tool uses neural networks to protect critical environments through AI-assisted asset discovery, network visibility, and risk management.

Dark Reading:

Google Releases Pixel Patches for Critical Bugs

Unpatched Pixel devices are at risk for escalation of privileges, Google warns.

Dark Reading:

Federal Privacy Bill That Would Preempt State Privacy Laws Faces Uncertain Future

The American Data Privacy and Protection Act would provide federal-level protections that don't exist in most states, but override existing, stronger state protections.

Dark Reading:

Cisco Data Breach Attributed to Lapsus$ Ransomware Group

Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems.

Dark Reading:

Cybersecurity Awareness Campaigns: How Effective Are They in Changing Behavior?

Your chance to be a part of a ground-breaking study.

Dark Reading:

Google Completes Acquisition of Mandiant

The threat-intelligence and cyberdefense company company will join Google Cloud and retain its brand name.

Dark Reading:

Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats

Users must continually be made aware of new threats, including attacks targeting shipping, the supply chain, email, and hybrid workers.

Dark Reading:

Zane Lackey: 'Technology Is the Easy Bit'

Security Pro File: The DevOps evangelist and angel investor shares his expertise with the next generation of startups. If you're lucky, maybe he'll even share his Lagavulin.

Dark Reading:

Monti, the New Conti: Ransomware Gang Uses Recycled Code

A new group, Monti, appears to have used leaked Conti code, TTPs, and infrastructure approaches to launch its own ransomware campaign.

Dark Reading:

Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy

The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.

Dark Reading:

US Sanctions Iran Over APT Cyberattack Activity

The Treasury Department links the MuddyWater APT and APT39 to Iran's intelligence apparatus, which is now blocked from doing business with US entities.

Dark Reading:

Microsoft, Cloud Providers Move to Ban Basic Authentication

Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving — or have moved — to requiring more secure authentication as well. Is your company ready?

Dark Reading:

LockBit, ALPHV & Other Ransomware Gang Leak Sites Hit by DDoS Attacks

A sweeping effort to prevent a raft of targeted cybercrime groups from posting ransomware victims' data publicly is hampering their operations, causing outages.

Dark Reading:

Why Ports Are at Risk of Cyberattacks

More docked ships bring a new challenge. The longer a ship is docked, the more vulnerable the port is to a cyberattack.

Dark Reading:

Darktrace Shares Plunge After Thoma Bravo Acquisition Falls Apart

No agreement could be reached on terms of a firm offer, the provider of AI-based cybersecurity products says.

Dark Reading:

A Pragmatic Response to the Quantum Threat

You certainly don't need to panic, but you do need to form a plan to prepare for the post-quantum reality.

Dark Reading:

5 Keys to Better Key Management

From analyzing your company's risk profile to knowing where keys are stored and who can access them, prioritize key clean-up and management. Make compliance an outcome and develop a risk management strategy.

Dark Reading:

Meta to Appeal $400M GDPR Fine for Mishandling Teen Data in Instagram

Instagram and Facebook parent company Meta was slapped with the fine for exposing the personal data of minors.

Dark Reading:

Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise

A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

Dark Reading:

Former Conti Ransomware Members Join Initial Access Broker Group Targeting Ukraine

The initial access broker (IAB) for ransomware gangs known as UAC-0098 has targeted Ukrainian organizations in five separate phishing campaigns spanning April to August.

Dark Reading:

SaaS Alerts Secures $22M Investment from Insight Partners to Scale SaaS Security Monitoring and Response Platform

Investment to fuel growth and market presence as demand grows for SaaS' next-generation security tools for managed service providers.

Dark Reading:

Report Highlights Prevalence of Software Supply Chain Risks

Multiclient research report shows organizations are significantly increasing efforts to secure their supply chains in response to software supply chain attacks.

Dark Reading:

Pen Testing Evolves for the DevSecOps World

Penetration testing not only serves to triage and validate other defect discovery activities, it informs risk management activities, such as threat modeling and secure design.