Thousands of Mobile Apps Leaking Twitter API Keys

New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year. [TechWeb]( Follow Dark Reading: [RSS]( August 03, 2022 LATEST SECURITY NEWS & COMMENTARY [Thousands of Mobile Apps Leaking Twitter API Keys]( New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year. [VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware]( Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal. [Massive New Phishing Campaign Targets Microsoft Email Service Users]( The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection. [Microsoft Intros New Attack Surface Management, Threat Intel Tools]( Microsoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts. [5 Steps to Becoming Secure by Design in the Face of Evolving Cyber Threats]( From adopting zero-trust security models to dynamic environments to operating under an "assumed breach" mentality, here are ways IT departments can reduce vulnerabilities as they move deliberately to become more secure. [Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk]( To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control. [T-Mobile Store Owner Made $25M Using Stolen Employee Credentials]( Now-convicted phone dealer reset locked and blocked phones on various mobile networks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Average Data Breach Costs Soar to $4.4M in 2022]( Call it a "cyber tax": Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services. [Name That Toon: Modern-Day Fable]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [How Risk-Based Vulnerability Management Has Made Security Easier]( Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort. [MORE]( EDITORS' CHOICE [Chromium Browsers Allow Data Exfiltration via Bookmark Syncing]( "Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools. LATEST FROM THE EDGE [Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face]( Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. LATEST FROM DR TECHNOLOGY [Large Language AI Models Have Real Security Benefits]( Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities, such as explaining malware and quickly classifying websites, researchers find. WEBINARS - [Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them]( Advancements in artificial intelligence technology and machine learning and deep learning algorithms promise to transform enterprise security by giving IT security teams tools to detect and respond to attacks faster than before. Before security teams can use these tools, they ... - [How Supply Chain Attacks Work - And What You Can Do to Stop Them]( The headline-making attack against Solarwinds sent a shockwave through the world and had many security and business leaders reexamining the security of their own supply chains. In a supply chain - or third party - attack, criminals infiltrate and disrupt ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Sumo Logic for Continuous Intelligence]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Many Risks of Modern Application Development]( - [Endpoint Detection Net Suite Use Cases]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web]( [Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals]( [BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features]( [Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps]( [Cybrary Lands $25 Million in New Funding Round]( [CREST Defensible Penetration Test Released]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)