New York Times Internal Data Nabbed From GitHub

The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed. [TechWeb]( Follow Dark Reading: [RSS]( June 11, 2024 LATEST SECURITY NEWS & COMMENTARY [New York Times Internal Data Nabbed From GitHub]( The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed. [Snowflake Cloud Accounts Felled by Rampant Credential Issues]( A threat actor has accessed data belonging to at least 165 organizations using valid credentials to their Snowflake accounts, thanks to no MFA and poor password hygiene. [Microsoft Modifies 'Recall' AI Feature Amid Privacy, Security Failings]( In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns? [A Look at the Riskiest Connected Devices of 2024]( VoIP gear, hypervisors, medical equipment, building automation, printers, and more pose broad risk to organizations, with many facing danger from a combo of IT, IoT, and OT all at once. This listicle breaks it down. [Smishers Stand Up Fake Phone Tower to Blast Malicious Texts]( London cops make arrests in connection with scam SMS messages, purportedly from official organizations, being sent out from bespoke phone mast. [Is a US Nationwide Privacy Law Really Coming?]( If passed, APRA will be a giant leap forward for the rights and freedoms of Americans. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering. [Understanding Security's New Blind Spot: Shadow Engineering]( In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it. [Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments]( Novel attack vector uses a custom shell for payload delivery and execution — and only goes after systems with administrative privileges. [Cybersecurity Job Hunting May Come Down to Certifications]( If current cybersecurity workers only fill 85% of the need in the US, why are so many people still looking for positions? The data from the private-public NIST partnership CyberSeek offers some insight. [Remote Work's Hidden Dangers]( Ten cybersecurity strategies for enterprises to keep remote work safer. [Developing a Plan to Respond to Critical CVEs in Open Source Software]( Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response. [MORE]( PRODUCTS & RELEASES [Cloud Security Alliance Survey Finds 70% of Organizations Have Established Dedicated SaaS Security Teams]( [EV Manufacturer BYD Selects Karamba Security to Meet Global Automotive Cybersecurity Regulations]( [Notable Capital Launches Rising in Cyber to Spotlight Promising Cybersecurity Startups]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [SolarWinds Flaw Flagged by NATO Pen Tester]( The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs. LATEST FROM THE EDGE [Making Choices for Stronger Vulnerability Management]( The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities. LATEST FROM DR TECHNOLOGY [Tokenization Moves Beyond Payments to Personal Privacy]( Pseudonymous masking has made credit card transactions more secure, but Visa has even greater plans for tokenization: giving users control of their data. LATEST FROM DR GLOBAL [Governments, Businesses Tighten Cybersecurity Around Hajj Season]( While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec]( - [Intruders in the Library: Exploring DLL Hijacking Using Cortex XDR Analytics]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Cyber Threat Intelligence Empowers the C-Suite]( - [2024 InformationWeek US IT Salary Report]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [A Short Primer on Container Scanning]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123985&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.11.24&sp_cid=53912&utm_content=DR_NL_Dark%20Reading%20Daily_06.11.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#84 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)