Initial Access Broker Market Booms, Posing Growing Threat to Enterprises

A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks. [TechWeb]( Follow Dark Reading: [RSS]( January 18, 2023 LATEST SECURITY NEWS & COMMENTARY [Initial Access Broker Market Booms, Posing Growing Threat to Enterprises]( A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks. [Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services]( Two of the vulnerabilities — in Azure Functions and Azure Digital Twins — required no account authentication for an attacker to exploit them. [Unpatched Zoho MangeEngine Products Under Active Cyberattack]( The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn. [5 Cybersecurity Tips for Higher Education Institutions]( Following these basic cybersecurity hygiene policies can help make data more secure and protect colleges and universities from becoming the next ransomware headline. The steps aren't complicated, and they won't break the bank. [Why Businesses Need to Think Like Hackers This Year]( Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal." [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Attackers Are Already Exploiting ChatGPT to Write Malicious Code]( The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware. [The Dangers of Default Cloud Configurations]( Default settings can leave blind spots but avoiding this issue can be done. [Java, .NET Developers Prone to More Frequent Vulnerabilities]( About three-quarters of Java and .NET applications have vulnerabilities from the OWASP Top 10 list, while only 55% of JavaScript codebases have such flaws, according to testing data. [MORE]( EDITORS' CHOICE [CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools]( High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it. LATEST FROM THE EDGE [3 Lessons Learned in Vulnerability Management]( In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting. LATEST FROM DR TECHNOLOGY [Okta Expands No-Code Offerings for Identity Cloud]( With Actions Integrations, Okta is expanding its no-code offerings to help administrators manage and customize their identity workflow. WEBINARS - [Every DDoS Resilience and Response Playbook Should Include These Things]( Cyber attackers can level organizations with a distributed denial-of-service (DDoS) attack. How do security teams keep stakeholders informed when services are down? Who do they call to remediate the incident and make sure the attackers don't knock everything down again? ... - [Detecting, Analyzing, and Mitigating Targeted Attacks]( For many security professionals, the nightmare scenario keeping them awake at night is a sophisticated, targeted attack aimed directly at their own organization and its specific defenses. In this webinar, experts describe the type of tools and processes necessary to ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [VIPRE Security Group Launches New Endpoint Detection and Response (EDR) Technology Built for SMEs]( [Cygna Labs Introduces Entitlement and Security for Active Directory]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)