Cyberattackers Increasingly Target Cloud IAM as a Weak Link

At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers. [TechWeb]( Follow Dark Reading: [RSS]( August 05, 2022 LATEST SECURITY NEWS & COMMENTARY [Cyberattackers Increasingly Target Cloud IAM as a Weak Link]( At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers. [Massive China-Linked Disinformation Campaign Taps PR Firm for Help]( A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US. [35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?]( In the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys. [High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover]( The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users. [Time to Patch VMware Products Against a Critical New Vulnerability]( A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines. [The Myth of Protection Online — and What Comes Next]( It's a myth that consuming and processing alerts qualifies as security. Today's technology allows better detection and prevention, rather than accepting the low bar for protection set by ingrained incident response reactions. [Ping Identity to Go Private After $2.8B Acquisition]( The identity-services company is being acquired by Thoma Bravo software investment for cash, before being delisted. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [5 Ways Chess Can Inspire Strategic Cybersecurity Thinking]( Rising interest in chess may feed the next generation of cybersecurity experts. [School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project]( The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times. [Thousands of Mobile Apps Leaking Twitter API Keys]( New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year. [MORE]( EDITORS' CHOICE [Massive New Phishing Campaign Targets Microsoft Email Service Users]( The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection. LATEST FROM THE EDGE [Understanding Proposed SEC Rules Through an ESG Lens]( Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe. LATEST FROM DR TECHNOLOGY [Credential Canaries Create Minefield for Attackers]( Canary tokens — also known as honey tokens — force attackers to second-guess their potential good fortune when they come across user and application secrets. WEBINARS - [Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them]( Advancements in artificial intelligence technology and machine learning and deep learning algorithms promise to transform enterprise security by giving IT security teams tools to detect and respond to attacks faster than before. Before security teams can use these tools, they ... - [Assessing Cyber Risk]( Top executives often ask, "how safe are we from a cyber breach?" But it can be difficult to quantitatively measure cyber risk, and even harder to assess your organization's attack surface. In this webinar, you'll learn how to evaluate your ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( - [Five Best Practices for AWS Security Monitoring]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [The Many Risks of Modern Application Development]( - [The Many Facets of Modern Application Development]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Career]( [Deep Instinct Pioneers Deep-Learning Malware Prevention to Protect Mission-Critical Business Applications at Scale]( [ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO]( [Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible]( [Druva Introduces the Data Resiliency Guarantee of up to $10 Million]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Black Hat USA 2022 Attendee Report]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)