Rogue Azure AD Guests Can Steal Data via Power Apps

A few default guest setting manipulations in Azure AD and over-promiscuous low-code app developer connections can upend data protections. [TechWeb]( Follow Dark Reading: [RSS]( July 17, 2023 LATEST SECURITY NEWS & COMMENTARY [Rogue Azure AD Guests Can Steal Data via Power Apps]( A few default guest setting manipulations in Azure AD and over-promiscuous low-code app developer connections can upend data protections. [Zimbra Zero-Day Demands Urgent Manual Update]( A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn. [Cisco Flags Critical SD-WAN Vulnerability]( A flaw in the REST API of Cisco's SD_WAN vManage software could allow remote, unauthenticated attackers to perform data exfiltration. [Electrical Grid Stability Relies on Balancing Digital Substation Security]( Because digital substations are critical elements of electrical systems, they are a prime target for sophisticated cyberattacks. [Training's New Understanding]( Risk reduction is the new gold standard for cybersecurity awareness training. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub]( A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers. [White House Fills in Details of National Cybersecurity Strategy]( While the plan may convey the right kind of urgency, it lacks both funding and bipartisan support, industry professionals say. [Creating a Patch Management Playbook: 6 Key Questions]( The vulnerability gap continues to persist, and IT and security teams can play a major role in reducing their attack surface. [Okta, Ping Identity, CyberArk & Oracle Lead the IDaaS Omdia Universe]( Omdia has published its Omdia Universe on IDaaS. This vendor comparison study highlights the capabilities of the vendors in the space. [MORE]( EDITORS' CHOICE [WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses]( A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves. LATEST FROM DR TECHNOLOGY [SBOMs Still More Mandate Than Security]( A software bills of materials standard gets an update, but the driver is compliance rather than security. LATEST FROM THE EDGE [How Hackers Can Hijack a Satellite]( We rely on them for communications, military activity, and everyday tasks. How long before attackers really start to look up at the stars? LATEST FROM DR GLOBAL [Brand Impersonation Scams in Middle East & Africa See Massive Growth]( The Middle East and Africa region saw a whopping 135% increase in scams over the past year, with finance, telecommunications, and logistics the most-targeted sectors. WEBINARS - [State of DDoS: Mid-Year Threat Report]( Killnet, REvil and Anonymous Sudan - it's been a busy quarter in the DDoS realm. Threat actor groups have been targeting Western organizations in an attempt to disrupt our way of life. If you're finding it hard to keep track ... - [Finding a Backup Strategy That Works For You]( You've been hit with a ransomware, DDoS, natural disaster, or destructive cyberattack. One of the first questions: can we get our data back? Good back-ups are key to business continuity and disaster recovery, but backing up your data in preparation ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [Everything You Need to Know About DNS Attacks]( - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Secure Code Warrior Raises $50M to Accelerate Product Innovation]( [Black Hat Announces Sustainability Pledge]( [Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC]( [Facebook and Microsoft are the Most Impersonated Brands in Phishing Attacks]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)