Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers

An attack campaign using phishing attacks gives threat actors access to internal Dropbox code repositories, the latest in a series of attacks targeting developers through their GitHub accounts. [TechWeb]( Follow Dark Reading: [RSS]( November 03, 2022 LATEST SECURITY NEWS & COMMENTARY [Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers]( An attack campaign using phishing attacks gives threat actors access to internal Dropbox code repositories, the latest in a series of attacks targeting developers through their GitHub accounts. [Critical Vulnerability Found and Fixed in Microsoft Azure Cosmos DB]( Newly disclosed RCE flaw in Cosmos DB's Jupyter Notebook feature highlights some of the weaknesses that can arise from emerging tech in the cloud-native and machine learning worlds. [Musk's Twitter-Verification Payment Tease Spurs Cyberattackers]( A proposed plan to charge users for the platform's coveted blue check mark has, unsurprisingly, inspired attackers to try to dupe people into giving up their credentials. [Vitali Kremez Found Dead After Apparent Scuba Diving Accident]( The renowned security researcher, ethical hacker, and cybersecurity phenom was found Wednesday by the US Coast Guard. [Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware]( "SandStrike," the latest example of espionage-aimed Android malware, relies on elaborate social media efforts and back-end infrastructure. [Chinese Mob Has 100K Slaves Working in Cambodian Cybercrime Mills]( Vulnerable people are lured by Facebook ads promising high-paying jobs, but instead they're held captive and put to work in Cambodia running cyber scams. [Everything You Need to Know About LockBit]( While the ransomware-for-hire group works to create ever more efficient exploits, companies can protect themselves with structured vulnerability management processes. Prioritize threats based on severity and risk. [How to Narrow the Talent Gap in Cybersecurity]( We can bridge that gap by spreading the word about the opportunities, the requirements, and the many tools available to help applicants break into the field. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Layoffs Mount as Cybersecurity Vendors Hunker Down]( With the vast majority of business leaders expecting a recession in 2023, cybersecurity firms are bolstering their operations and cash flow by laying off workers. [Where Are All of the Container Breaches?]( Containers and their supporting infrastructure are too important to ignore. [How Retailers Can Stay Protected During the Most Wonderful Time of the Year]( Retailers' new holiday jingle must hit cybersecurity high points to help survive the season. Forget Dasher and Dancer — add SAST and DAST to app testing; manage third-party risks; and use MFA along with training and proper authentication to secure credentials. [MORE]( EDITORS' CHOICE [The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical]( Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say. LATEST FROM THE EDGE [The Art of Calculating the Cost of Risk]( Insurance and legislation affect how enterprises balance between protecting against breaches and recovering from them. LATEST FROM DR TECHNOLOGY [Cloud Providers Throw Their Weight Behind Confidential Computing]( New technologies designed into processors allow enterprises to leverage cloud advantages while meeting privacy regulations. WEBINARS - [Developing and Testing an Effective Breach Response Plan]( When cyber attackers hit your network and your databases have been breached, do you know what you have to do and who to call? What do you tell your customers, employees, and other stakeholders, and when do you tell them? ... - [Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker]( Enterprises are increasingly discovering that the best way to expose vulnerabilities in their defenses is to think like an attacker. Penetration testing, red teaming, threat hunting, and other offensive strategies are helping organizations quickly find the holes in their cyber ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [State of Email Security]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [Understanding the Zero Trust Approach]( - [Your Digital Transformation Is Being Sabotaged - The Surprising Impact of Sophisticated Bots]( - [BotGuard Supplements CDN and WAF Case Study]( - [Achieve Balanced Security and Performance with Next-Generation Software-Defined WAN]( - [The State of Threat Prevention]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [SMEs Must Plan for Recovery from Cybersecurity Attacks Amid Shifting Threats, Says MIT Technology Review Insights]( [LastPass Research Finds False Sense of Cybersecurity Running Rampant]( [Netskope Threat Research: Next Generation of Phishing Attacks Uses Unexpected Delivery Methods to Steal Data]( [Global Automotive Cybersecurity Market Report 2022: Expected Mandate for Cybersecurity Protocols to Significantly Boost Sector]( [PQShield and Riscure Collaborate on Post-Quantum Cryptography SCA Validation]( [Aravo Integration With Black Kite Helps Improve Cybersecurity Defenses]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building the SOC of the Future]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)