Ticketmaster Breach Showcases SaaS Data Security Risks

MFA and other mechanisms are critical to protect against unauthorized access to data in cloud application environments, but businesses still fall down on the job. [TechWeb]( Follow Dark Reading: [RSS]( June 05, 2024 LATEST SECURITY NEWS & COMMENTARY [Ticketmaster Breach Showcases SaaS Data Security Risks]( MFA and other mechanisms are critical to protect against unauthorized access to data in cloud application environments, but businesses still fall down on the job. [Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File]( The campaign uses a multistage payload-delivery process and various mechanisms for evasion and persistence. ['Fog' Ransomware Rolls in to Target Education, Recreation Sectors]( A new group of hackers is encrypting data in virtual machines, leaving ransom notes, and calling it a day. [Chinese Threat Clusters Triple-Team a High-Profile Asia Government Org]( A trio of Chinese-affiliated clusters performed specialized tasks in a broader attack chain, likely under the watch of a single organization. [Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover]( The US broadband provider fixed an issue that allowed attackers to gain access to business customers’ modems, and then access info and execute commands with the same permissions of an ISP support team. [Perfecting the Proactive Security Playbook]( It's more important than ever for organizations to prepare themselves and their cybersecurity postures against known and unknown threats. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Atlassian Confluence High-Severity Bug Allows Code Execution]( Because of the role the Confluence Server plays in managing documentation and knowledge data bases, the researchers recommend users upgrade to patch CVE-2024-21683 as soon as possible. [CISA's Secure by Design Initiative at 1: A Report Card]( There is more that needs to be done, but, so far, the initiative is a success. [Russia Aims Cyber Operations at Summer Olympics]( As always, Russian APTs are hoping to foment unrest by stoking existing societal divides and fears, this time around the Olympics and EU politics; and, concerns remain around physical disruption. [CISO Corner: Federal Cyber Deadlines Loom; Private Chatbot Danger]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: fighting cybersecurity burnout; BlackSuit ransomware; the SEC breach rules and risk management. [MORE]( PRODUCTS & RELEASES [ISC2 Provides Opportunity for Employers to Connect With Cybersecurity Job Seekers]( [KnowBe4 and MobileMind Collaborate to Provide Cybersecurity Training for K12 School Districts]( [Portkey Announces Integration of Zero-Knowledge Proofs for Enhanced Identity Management and Security]( [Ockam and Redpanda Partner to Launch Zero-Trust Streaming Data Platform]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Ticketmaster Confirms Cloud Breach, Amid Murky Details]( Ticketmaster parent Live Nation has filed a voluntary SEC data breach notification, while one of its cloud providers, Snowflake, also confirmed targeted cyberactivity against some of its customers. LATEST FROM THE EDGE [Lawyers Ask Forensics Investigators for Help Outside Cybersecurity]( Attorneys are increasingly realizing that forensics investigators have skills analyzing documents and uncovering digital clues that could help them in non-cybersecurity cases. LATEST FROM DR TECHNOLOGY [NIST Commits to Plan to Resume NVD Work]( The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and a partnership with CISA. LATEST FROM DR GLOBAL [Africa Ranks Low on Phishing Cyber Resilience]( As threats to Africa's cybersecurity continue to grow, the continent faces high risks to its society and economy with a growing cyber skills gap and lack of preparedness. WEBINARS - [Intruders in the Library: Exploring DLL Hijacking Using Cortex XDR Analytics]( - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023]( - [Google Threat Intelligence]( - [SecOps Checklist]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [Industrial Networks in the Age of Digitalization]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123894&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.05.24&sp_cid=53832&utm_content=DR_NL_Dark%20Reading%20Daily_06.05.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#c3 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)