Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs

The attack affects organizations that have synced multiple on-premises Active Directory domains to a single Azure tenant. [TechWeb]( Follow Dark Reading: [RSS]( August 16, 2024 LATEST SECURITY NEWS & COMMENTARY [Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs]( The attack affects organizations that have synced multiple on-premises Active Directory domains to a single Azure tenant. [SolarWinds: Critical RCE Bug Requires Urgent Patch]( The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw. [Google: Iran's Charming Kitten Targets US Presidential Elections, Israeli Military]( The threat group tracked as APT42 remains on the warpath with various phishing and other social engineering campaigns, as tensions with Israel rise. [Beyond the Hype: Unveiling the Realities of WormGPT in Cybersecurity]( Though WormGPT tools may not be a major problem now, organizations can't let their guard down. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [DNC Credentials Compromised by 'IntelFetch' Telegram Bot]( The Democratic National Convention soon to take place in Chicago, already under heavy security, faces an additional threat in the form of stolen credentials for delegates. [The Changing Expectations for Developers in an AI-Coding Future]( AI's proficiency at creating software code won't put developers out of a job, but the job will change to one focused on security, collaboration, and "mentoring" AI models. [Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update]( Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet. [Cybersecurity's Real Challenge Is Communication, Not Just Technology]( By nurturing a security-centric work culture that involves everybody, organizations can overcome challenges with greater agility and confidence. [MORE]( PRODUCTS & RELEASES [Gcore Radar Report Shows 46% Increase in Number of DDoS Attacks in First Half of 2024]( [Guardz Launches Free 'Community Shield' Plan to Empower MSPs]( [DigiCert to Acquire Vercara]( [Mimecast Announces Acquisition of Aware, Doubles Down on AI-Powered Human Risk Management Capabilities]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects]( Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects. LATEST FROM THE EDGE [White House Pledges $10 Million for Open Source Initiative]( The Open-Source Software Prevalence Initiative, announced at DEF CON, will examine how open source software is used in critical infrastructure. LATEST FROM DR TECHNOLOGY [DARPA Announces AI Cyber Challenge Finalists]( Teams designed AI systems to secure open source infrastructure software to be used in industries like financial services, utilities, and healthcare. Each finalist was awarded a $2 million prize. LATEST FROM DR GLOBAL [Ransomware Group Behind Major Indonesian Attack Wears Many Masks]( Brain Cipher made a loud entry to the ransomware scene, but it doesn't seem to be quite as sophisticated as its accomplishment would suggest. WEBINARS - [Catch the Threat Before it Catches you: Proactive Ransomware Defense]( - [Developing a Cyber Risk Assessment for the C-Suite]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS Security Awareness Maturity Model]( - [Ten Elements of Insider Risk in Highly Regulated Industries]( - [OT Threat Intelligence Report: Fuxnet ICS Malware]( - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( - [Decode the New SEC Cybersecurity Disclosure Ruling]( - [Threat Hunting in the Cloud: Adapting to the New Landscape]( - [How Cyber Threat Intelligence Empowers the C-Suite]( [View More White Papers >>]( FEATURED REPORTS - [State of Enterprise Cloud Security]( - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125189&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.16.24&sp_cid=54736&utm_content=DR_NL_Dark%20Reading%20Daily_08.16.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#70 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)