Skip to main content

Darkreading.com: Latest Cybersecurity News

Cookies for MFA bypass gain traction among cyber attackers.

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 14 November 2022, 0032 UTC.  Content provided by "Darkreading.com."

Source:  https://www.darkreading.com/latest/news

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

NEWS

Chocolate biscuit cookies. Chocolate cookies on white linen napkin on wooden table.
Cookies for MFA Bypass Gain Traction Among Cyberattackers
Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
November 11, 2022
THREAT INTELLIGENCE
4 MIN READ
Article Icon
ARTICLE
an open front door
Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors
The bug affects several Aiphone GT models using NFC technology and allows malicious actors to potentially gain access to sensitive facilities.
Dark Reading Logo
by Nathan Eddy, Contributing Writer, Dark Reading
November 11, 2022
IOT
5 MIN READ
Article Icon
ARTICLE
Images of apps spoofed for malicious activities
Uyghurs Targeted With Spyware, Courtesy of PRC
Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals.
Photo of Becky Bracken, Editor, Dark Reading
by Becky Bracken, Editor, Dark Reading
November 11, 2022
THREAT INTELLIGENCE
2 MIN READ
Article Icon
ARTICLE
twitter logo
Twitter's CISO Takes Off, Leaving Security an Open Question
Lea Kissner was one of three senior executives to quit this week, leaving many to wonder if the social media giant is ripe for a breach and FTC action.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
November 10, 2022
RISK
5 MIN READ
Article Icon
ARTICLE
The word Botnet in an industrial font
Evasive KmsdBot Cryptominer/DDoS Bot Targets Gaming, Enterprises
KmsdBot takes advantage of SSH connections with weak login credentials to mine currency and deplete network resources, as it gains a foothold on enterprise systems.
headshot of Elizabeth Montalbano
by Elizabeth Montalbano, Contributor, Dark Reading
November 10, 2022
THREAT INTELLIGENCE
3 MIN READ
Article Icon
ARTICLE
Cloud misconfiguration leads to security incidents.
Amazon, Microsoft Cloud Leaks Highlight Lingering Misconfiguration Issues
Cloud storage databases, often deployed as "rogue servers" without the blessing of the IT department, continue to put companies and their sensitive data at risk.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
November 10, 2022
CLOUD
4 MIN READ
Article Icon
ARTICLE
ticking stop watch indicating shrinking lead time
Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover
Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.
Tara Seals Headshot 2022
by Tara Seals, Managing Editor, News, Dark Reading
November 09, 2022
VULNERABILITIES/THREATS
3 MIN READ
Article Icon
ARTICLE
Cosmic landscape with nebula, stardust, spiral galaxy and bright shining stars
InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery
Cyberattackers like IPFS because it is resilient to content blocking and takedown efforts.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
November 09, 2022
VULNERABILITIES/THREATS
4 MIN READ
Article Icon
ARTICLE
Sun rays shine through the clouds as dusk approaches
Cloud9 Malware Offers a Paradise of Cyberattack Methods
The Swiss Army knife-like browser extension is heaven for attackers — and can be hell for enterprise users.
headshot of Elizabeth Montalbano
by Elizabeth Montalbano, Contributor, Dark Reading
November 09, 2022
THREAT INTELLIGENCE
5 MIN READ
Article Icon
ARTICLE
man with flyswatter attempting to swat bugs
Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Tara Seals Headshot 2022
by Tara Seals, Managing Editor, News, Dark Reading
November 08, 2022
THREAT INTELLIGENCE
5 MIN READ
Article Icon
ARTICLE
Couple sitting on a couch online-shopping on their tablet, with a Christmas tree in the background
Retail Sector Prepares for Annual Holiday Cybercrime Onslaught
Retailers and hospitality companies expect to battle credential harvesting, phishing, bots, and various malware variants.
headshot of Elizabeth Montalbano
by Elizabeth Montalbano, Contributor, Dark Reading
November 08, 2022
RISK
5 MIN READ
Article Icon
ARTICLE
Entrance to SolarWinds headquarters building
SolarWinds Faces Potential SEC Enforcement Act Over Orion Breach
In the nearly two years since the company discovered the cyber intrusion, SolarWinds has fundamentally rearchitected its development environment to make it much harder to compromise, CISO Tim Brown tells Dark Reading.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
November 07, 2022
APPLICATION SECURITY
4 MIN READ
Article Icon
ARTICLE
Mousetrap with a "Free Wi-Fi" sign depicting the potential for missteps in public Wi-Fi
Unencrypted Traffic Still Undermining Wi-Fi Security
An analysis by RSA Conference's security operations center found 20% of data over its network was unencrypted and more than 55,000 passwords were sent in the clear.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
November 07, 2022
REMOTE WORKFORCE
4 MIN READ
Article Icon
ARTICLE
concept illustration showing apt threat
Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics
The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
November 04, 2022
ATTACKS/BREACHES
4 MIN READ
Article Icon
ARTICLE
Image of spoofed KeePass page
RomCom Malware Woos Victims With 'Wrapped' SolarWinds, KeePass Software
An analysis of the RomCom APT shows the group is expanding its efforts beyond the Ukrainian military into the UK and other English-speaking countries.
Photo of Becky Bracken, Editor, Dark Reading
by Becky Bracken, Editor, Dark Reading
November 04, 2022
THREAT INTELLIGENCE
3 MIN READ
Article Icon
ARTICLE

Comments

Popular posts from this blog

BleepingComputer.com

The Cyberwire Daily Briefing

SecurityWeek Briefing