North Korea's Top APT Swindled $1B From Crypto Investors in 2022

The DPRK has turned crypto scams into big business to replenish its depleted state coffers. [TechWeb]( Follow Dark Reading: [RSS]( January 26, 2023 LATEST SECURITY NEWS & COMMENTARY [North Korea's Top APT Swindled $1B From Crypto Investors in 2022]( The DPRK has turned crypto scams into big business to replenish its depleted state coffers. [Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts]( Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says. [Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI]( The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things. [GoTo Encrypted Backups Stolen in LastPass Breach]( Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys. [Log4j Vulnerabilities Are Here to Stay — Are You Prepared?]( Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset. [Can't Fill Open Positions? Rewrite Your Minimum Requirements]( If you or your company can't find good infosec candidates, consider changing up the qualifications to find more nontraditional talent. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['DragonSpark' Malware: East Asian Cyberattackers Create an OSS Frankenstein]( Hackers cleverly cobbled together a suite of open source software — including a novel RAT — and hijacked servers owned by ordinary businesses. [Chat Cybersecurity: AI Promises a Lot, but Can It Deliver?]( Machine learning offers great opportunities, but it still can't replace human experts. [Security and the Electric Vehicle Charging Infrastructure]( When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty. [MORE]( EDITORS' CHOICE [Ticketmaster Blames Bots in Taylor Swift 'Eras' Tour Debacle]( Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure. LATEST FROM THE EDGE [Google Pushes Privacy to the Limit in Updated Terms of Service]( In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far? LATEST FROM DR TECHNOLOGY [Snyk Gets Nod of Approval With ServiceNow Strategic Investment]( One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros. WEBINARS - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ... - [Rethinking Authentication: MFA, Passwordless, Certificates, and More]( Today's data protection requires stronger, better authentication. What does going beyond passwords look like? What are some of the latest strategies around authentication and authorization? What is continuous authentication and what would it look like in your organization? What kind ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Despite Slowing Economy, Demand for Cybersecurity Workers Remains Strong]( [Data Privacy Day: Privado Flags Data Privacy Challenges In 2023 As It Hails Industry Stars]( [KORE Delivers IoT SAFE Solution for Massive IoT Use Cases with AWS]( [BD Publishes 2022 Cybersecurity Annual Report]( [ThreatConnect Extends Threat Intelligence Platform to Enable Threat Intelligence Operations (TI Ops)]( [Multicloud Security Challenges Will Persist in 2023]( [Cybersecurity Budgets Increase for Retail & Hospitality Industry]( [Davos Debrief: Critical Shortage of Cybersecurity Talent Requires Action on Several Fronts, CompTIA Executive Says]( [BlackBerry's Inaugural Quarterly Threat Intelligence Report Reveals Threat Actors Launch One Malicious Threat Every Minute]( [Healthcare Remains Top Target in 2022 ITRC Breach Report]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)