Okta Says 366 Customers Impacted via Third-Party Breach | 6 Reasons Not to Pay Ransomware Attackers

Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor. [TechWeb]( Follow Dark Reading: [RSS]( March 24, 2022 LATEST SECURITY NEWS & COMMENTARY [Okta Says 366 Customers Impacted via Third-Party Breach]( Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor. [Ransomware Group Claims Major Okta Breach]( Screenshots that ransomware gang Lapsus$ released this week suggest the threat actor also stole Microsoft source code. ['Unique Attack Chain' Drops Backdoor in New Phishing Campaign]( A threat group combines the use of steganography, open source tools, and Python scripts to target organizations in France. [Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy]( Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say. [Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks]( The maintainer of a widely used npm module served up an unwelcome surprise for developers. [Satellite Networks Worldwide at Risk of Possible Cyberattacks, FBI & CISA Warn]( Agencies provide mitigation steps to protect satellite communication (SATCOM) networks amid "current geopolitical situation." [White House Warns of New Intel on Russia Mulling Cyberattack 'Options' Against US]( Biden administration doubles down on its previous warnings of possible Russian cyberattacks in the wake of hefty economic sanctions imposed on Russia by the US. [Crowdsourced Efforts Get Leveraged in Ukraine Conflict]( The battle is not just being waged in the physical world — it's also happening online. And average people are taking part, not just governments. [Name That Toon: Sleep Like a Baby]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Cyber Insurance and War Exclusions]( Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine. [Stopping Russian Cyberattacks at Their Source]( Step up training with cybersecurity drills, teach how to avoid social engineering traps, share open source monitoring tools, and make multifactor authentication the default. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Cut Down on Alert Overload and Leverage Layered Security Measures]( Feeling overwhelmed by the number of alerts? It doesn't have to be that way. [The Secret to Zero Trust You Need to Know]( If every application, device, and bot need access and authentication at some point, the need for managing and controlling the confidential data that allows those functions gets staggeringly large. [Building a Red Team: How to Get Started]( These groups of authorized hackers work to infiltrate their customer's data, development environment, or any other business area to locate and identify vulnerabilities. [MORE]( EDITORS' CHOICE [6 Reasons Not to Pay Ransomware Attackers]( Paying a ransom might appear to be the best option, but it comes with its own costs. LATEST FROM THE EDGE [Embracing Security by Design: Constructing a More Secure Framework]( Designing a solid security interface, like most things, is more of a human problem than a technical one. LATEST FROM DR TECHNOLOGY [Enhancing DLP With Natural Language Understanding for Better Email Security]( Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU. Tech Resources - [Improving Operations with AI-Assisted Cybersecurity]( - [Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity]( - [Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums]( - [Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization]( - [2022 Insurance Industry Cyber Threat Landscape Report]( - [2021 Gartner Market Guide for Managed Detection and Response Report]( - [TIM Whitepaper]( [ACCESS TECH LIBRARY NOW]( - [How To Get Ahead Of The Security Data Curve -- And Stay There]( Security teams are overwhelmed with incident data, alerts, and log files. Each endpoint and each application generates its own set of data. How are security teams supposed to make sense of all the data they have? In this webinar, experts ... - [Rethinking Asset Management to Improve Enterprise Security]( One common reason behind many enterprise security breaches is that attackers found a system, application, or device that security teams didn't know they had. Attackers can tamper with these unknown systems to make them look legitimate, and security defenders may ... [MORE WEBINARS]( FEATURED REPORTS - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [MORE REPORTS]( CURRENT ISSUE [Rethinking Endpoint Security in a Pandemic and Beyond]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Darktrace AI Stops Cyberattack Exploiting Log4j Vulnerability at Global Financial Services Provider]( [Red Canary's Annual Threat Detection Report Reveals Top Threats and Techniques Targeting Most Organizations]( [Logpoint Unleashes SaaS-Delivered Converged SIEM]( [Checkmarx Launches Comprehensive Supply Chain Security Solution]( [Trustero Exits Stealth Mode and Launches its Compliance as a Service Platform]( [ForAllSecure Raises $21M to Secure the World’s Software]( [Zscaler Unveils Security Service Edge Innovations to Protect Enterprises From Cyberattacks]( [CyCognito Launches Exploit Intelligence]( [Menlo Security: Less Than Three in 10 Organizations Are Equipped to Combat Growing Wave of Web-Based Cyber Threats]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)