Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization. [TechWeb]( Follow Dark Reading:
[RSS](
September 06, 2023 LATEST SECURITY NEWS & COMMENTARY [Hackers Target High-Privileged Okta Accounts via Help Desk](
Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.
[Researchers Discover Critical Vulnerability in PHPFusion CMS](
No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.
[LockBit Leaks Documents Filched From UK Defense Contractor](
A company that builds physical perimeter defenses failed to keep the LockBit group from penetrating its cyber defenses.
[Data Initiatives Force Closer Partnership Between CISOs, CDOs](
Though security leaders and chief data officers both care about data management, their different missions have created a tension that needs addressing.
[GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool](
GhostSec has made the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.
[Peiter 'Mudge' Zatko Lands Role as CISA Senior Technical Adviser](
The former hacker and Twitter security executive will use his role to help fulfill the Biden administration's plans for the National Cybersecurity Strategy.
[As LotL Attacks Evolve, So Must Defenses](
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
[How Companies Can Cope With the Risks of Generative AI Tools](
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.
[(Sponsored Article) How to Choose a Managed Detection and Response (MDR) Solution](
MDR empowers organizations with enhanced security. Look for these four capabilities when selecting an MDR product. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [MSSQL Databases Under Fire From FreeWorld Ransomware]( The sophisticated attacks, tracked as DB#JAMMER, run shell commands to impair defenses and deploy tools to establish persistence on the host.
[A Brief History of ICS-Tailored Attacks]( It's on the cyber defenders to learn from the past and make industrial control system networks hostile to attackers.
[NYC Subway Disables Trip-History Feature Over Tap-and-Go Privacy Concerns]( The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website.
[Should Senior IT Professionals Be Accountable for Professional Decisions?]( Everyone makes mistakes â but what if your mistakes risk the security of millions of people? [MORE]( EDITORS' CHOICE [Proposed SEC Cybersecurity Rule Will Put Unnecessary Strain on CISOs](
The Security and Exchange Commission's Proposed Rule for Public Companies (PPRC) is ambiguous. LATEST FROM THE EDGE [Name That Edge Toon: Prized Possessions](
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [NIST Publishes First Draft Standards for Post-Quantum Cryptography](
Publication of the first draft PQC standards opens a 90-day period for public comment and paves the way for interoperability testing. LATEST FROM DR GLOBAL [Russia Undertakes Disinformation Campaign Across Africa](
Following coups in some African nations, Russia is exploiting the instability with the manipulation of media channels to stoke anti-French sentiment, among other things. WEBINARS - [Tips for A Streamlined Transition to Zero Trust]( From identifying the potential attack surface to determining policy, there is a clear path to zero trust and best practices to make the transition as smooth as possible - both for your organization and your customers. Zero trust is more ... - [The Threat Hunter's Playbook: Mastering Cloud Defense Strategies]( Secure your spot now for this unforgettable cybersecurity adventure, filled with real-world examples, best practices, and expert insights from our threat research team. Level up your cloud security defense. When you attend this webinar, you will hear from the Sysdig's ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023](
- [Threat Intelligence: Data, People and Processes](
- [Mandiant Threat Intelligence at Penn State Health](
- [Crucial Considerations when Enabling Secure Industrial Digital Transformation](
- [Causes and Consequences of IT and OT Convergence](
- [Work From Anywhere Doesn't Have to Be Complicated](
- [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [Everything You Need to Know About DNS Attacks](
- [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Global Cloud Security Market to Reach $62.9B by 2028]( [Tuya Smart and Amazon Web Services Collaborate to Establish an IoT Security Lab]( [Hornetsecurity Releases 365 Total Protection Plan 4 for Microsoft 365]( [ReasonLabs Summer 2023 Trends Report Reveals Top Consumer Security Threats](
[MORE PRODUCTS & RELEASES]( CURRENT ISSUE
[Where and When Automation Makes Sense for Enterprise Security](
[DOWNLOAD THIS ISSUE](
[VIEW BACK ISSUES]( Dark Reading Daily
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118015&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.06.23&sp_cid=49699&utm_content=DR_NL_Dark%20Reading%20Daily_09.06.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ad
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)