Reddit Hack Shows Limits of MFA, Strengths of Security Training

A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security. [TechWeb]( Follow Dark Reading: [RSS]( February 13, 2023 LATEST SECURITY NEWS & COMMENTARY [Reddit Hack Shows Limits of MFA, Strengths of Security Training]( A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security. [Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks]( Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience. [Trickbot Members Sanctioned for Pandemic-Era Ransomware Hits]( The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests. [MagicWeb Mystery Highlights Nobelium Attacker's Sophistication]( The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says. [Malicious Game Mods Target Dota 2 Game Users]( Valve's unpatched JavaScript engine and incomplete modification vetting process for Steam-delivered mods led to user systems being backdoored. [Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together]( Bridging the divide between developers and security can create a culture change organically. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Phishing Surges Ahead, as ChatGPT & AI Loom]( AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names. [Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity]( High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well. [NewsPenguin Goes Phishing for Maritime & Military Secrets]( A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year. [In Perfect Harmony: Cybersecurity Regulation Harmonization]( By simplifying compliance management, security and risk teams can focus on managing operational risk, not compliance risk — and better counter threats. [MORE]( EDITORS' CHOICE [7 Critical Cloud Threats Facing the Enterprise in 2023]( From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon. LATEST FROM THE EDGE [5 Ways to Survive Scam Season — or Rather, Tax Season]( Security pros need to look beyond user education to find and disarm fraudulent actors. LATEST FROM DR TECHNOLOGY [Cloud Apps Still Demand Way More Privileges Than They Use]( Hackers can't steal a credential that doesn't exist. WEBINARS - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Modern-day software development depends heavily on third-party components, libraries, and frameworks. Attackers are increasingly targeting these software building blocks to compromise enterprise applications. In this webinar, experts discuss the ever-expanding software attack surface. Find out where potential attack vectors are ... - [Deciphering the Hype Around XDR]( Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Integreon Launches Cyber Incident Response Offering with Development of AI-Based Review and Integration of RadarFirst]( [SynSaber Releases ICS CVE Retrospective: 3 Years of CISA Advisories]( [Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware]( [Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)