Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps. [TechWeb]( Follow Dark Reading: [RSS]( February 01, 2023 LATEST SECURITY NEWS & COMMENTARY [Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status]( Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps. [Firmware Flaws Could Spell 'Lights Out' for Servers]( Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access. [Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code]( Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels. [Poser Hackers Impersonate LockBit in SMB Cyberattacks]( Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware. [Will Cybersecurity Remain Recession-Proof in 2023?]( Demand for skilled professionals will remain high, but cyber budgets will be eaten away. [Are Your Employees Thinking Critically About Their Online Behaviors?]( Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy]( The complex nature of cyberattacks has increased demand for software developers, reverse engineers, and offensive specialists — attracting workers facing financial insecurity. [Convincing, Malicious Google Ads Look to Lift Password Manager Logins]( Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults. [Spotlight on 2023 DevSecOps Trends]( Solutions that provide more actionable results — remediation that frees up engineers, processes which integrate security into software development from its design, along with automation, IAC, and tool consolidation — are among the DevSecOps strategies that will prevail this year. [MORE]( EDITORS' CHOICE [Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine]( The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations. LATEST FROM THE EDGE [How Can Disrupting DNS Communications Thwart a Malware Attack?]( Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the damage. LATEST FROM DR TECHNOLOGY [Snyk Gets Nod of Approval With ServiceNow Strategic Investment]( One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros. WEBINARS - [Rethinking Authentication: MFA, Passwordless, Certificates, and More]( Today's data protection requires stronger, better authentication. What does going beyond passwords look like? What are some of the latest strategies around authentication and authorization? What is continuous authentication and what would it look like in your organization? What kind ... - [A Roadmap to Zero Trust: Steps for Meaningful Progress Amongst the Hype]( Join this webinar as our Zero Trust experts discuss "quick wins" like: --Enforcing strong multifactor authentication and Zero Trust policies for critical applications. --Closing inbound ports open to the Internet. --Areas not always included in the Zero Trust conversation, like ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America]( [New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year]( [Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce]( [SentinelOne and KPMG Announce Alliance To Accelerate Cyber Investigations and Response]( [Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)