Microsoft ID Security Gaps That Let Threat Actor Steal Signing Key

China's Storm-0558 accessed user emails at some 25 enterprise organizations earlier this year using forged tokens. [TechWeb]( Follow Dark Reading: [RSS]( September 08, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft ID Security Gaps That Let Threat Actor Steal Signing Key]( China's Storm-0558 accessed user emails at some 25 enterprise organizations earlier this year using forged tokens. [NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off]( Deepfake videos and audio of NFL players and phishing communications via ChatGPT-like tools are a worry, the NFL's CISO says. [North Korean Hackers Target Security Researchers — Again]( This time, they're creating elaborate impostor profiles and using a fresh zero-day and a fake Windows tool to lure in the suspecting. [Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk]( Executives and developers believe AI can help businesses thrive, but worry that reliance on generative AI brings significant risks. [Weaponized Windows Installers Target Graphic Designers in Crypto Heist]( Attackers use legitimate Windows installer to hide malicious scripts that install a backdoor and miners that leverage victims' graphics processing power. [How New SEC Rules Can Benefit Cybersecurity Teams]( Securities and Exchange Commission rules elevate cybersecurity to a critical strategic concern and compel businesses to prioritize cyber resilience. [Does Generative AI Comply With Asimov's 3 Laws of Robotics?]( Putting the top 10 generative AI tools to the ethical test reveals more about humanity than artificial intelligence. [Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain]( Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes. [(Sponsored Article) Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research]( Report unmasks recent cybersecurity challenges for governments, healthcare, financial services, and vital infrastructure. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [W3LL Gang Compromises Thousands of Microsoft 365 Accounts]( A secretive phishing cabal boasts a sophisticated affiliate network and a modular, custom toolset that's claiming victims on three continents. [Researchers Discover Critical Vulnerability in PHPFusion CMS]( No patch is available yet for the bug, which can enable remote code execution under the correct circumstances. [Securing Your Legacy: Identities, Data, and Processes]( Legacy systems of all kinds pose significant cybersecurity risks. Here's how to mitigate them. [MORE]( EDITORS' CHOICE [AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses]( All it takes is a simple copy-paste to undo a VPN service used by millions worldwide. LATEST FROM THE EDGE [Software Supply Chain Strategies to Parry Dependency Confusion Attacks]( Bad actors practice to deceive package managers with a tangled web of methods. Here's how to hoist them by their own petard. LATEST FROM DR TECHNOLOGY [Thoma Bravo's 'Practical' Decision to Merge ForgeRock Into Ping Identity]( The private equity from has invested billions of dollars in identity and access management (IAM) but now it’s on Ping founder and CEO Andre Durand and his team to rationalize overlapping product lines. LATEST FROM DR GLOBAL [Rwanda Launches Smart-City Investment Program]( The ambitious move by the nation also comes with cybersecurity risks. WEBINARS - [The Evolution of the Vulnerability Landscape in 2023]( While this summer has been jokingly called "zero-day summer" by some, 2023 fits Mandiant observations that zero-day exploitation has been trending upward for the last few years. As shown in our zero-day trends blog post, Mandiant tracked 55 zero-day vulnerabilities that we ... - [Passwords Are Passe: Next Gen Authentication for Today's Threats]( Cyber experts agree: end-user authentication needs more than the simple password. But what are the right tools and strategies for authentication in your organization? What does the world of passwordless look like for your organization? In this webinar, experts offer ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Essential SASE Must-haves]( - [2023 Work-From-Anywhere Global Study]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( [View More White Papers >>]( FEATURED REPORTS - [Everything You Need to Know About DNS Attacks]( - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [CybeReady Provides Cybersecurity Awareness Month Kits As CISOs Defend Against AI Driven Attacks]( [IBM Addresses Data Incident for Janssen CarePath Database]( [IBM Expands Cloud Security and Compliance Center]( [Tuya Smart and Amazon Web Services Collaborate to Establish an IoT Security Lab]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Secrets of Successful SecOps Data Analytics]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118084&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.08.23&sp_cid=49729&utm_content=DR_NL_Dark%20Reading%20Daily_09.08.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ac If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)