"Snowflake rolls out mandatory MFA plan."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 11 December 2024, 1402 UTC.

Content and Source:  Email subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

160K followers39 articles per week#security#tech

17

Most popular

Snowflake Rolls Out Mandatory MFA Plan

Snowflake mandates multi-factor authentication

•

by Dark Reading Staff / 17min

As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.

FCC Proposes New Cybersecurity Rules for Telecoms

FCC proposes cybersecurity rules after hack

•

by Jennifer Lawinski / 52min

FCC Chairwoman Jessica Rosenworcel proposed "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.

Microsoft NTLM Zero-Day to Remain Unpatched Until April

4 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

Yesterday

Governments, Telcos Ward Off China's Hacking Typhoons

by Robert Lemos, Contributing Writer / 6h

Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

10 TTPs

•

by Tara Seals, Managing Editor, News, Dark Reading / 14h

•

PatchTuesday

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks

7 TTPs

•

by Jai Vijayan, Contributing Writer / 16h

The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.

Scottish Parliament TV at Risk From Deepfakes

Scottish Parliament TV faces deepfake risks

•

by Kristina Beek, Associate Editor, Dark Reading / 19h

Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.

Cybercrime Gangs Abscond With Thousands of AWS Credentials

3 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 21h

•

AWS credentials stolen from misconfigured sites

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

Lessons From the Largest Software Supply Chain Incidents

by Eldan Ben-Haim / 23h

The software supply chain is a growing target, and organizations need to take special care to safeguard it.

Sprawling 'Operation Digital Eye' Attack Targets European IT Orgs

13 TTPs

•

by Nate Nelson, Contributing Writer / 1d

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

Dec 9, 2024

Google Launches Open Source Patch Validation Tool

Google launches open-source Vanir tool

•

by Jennifer Lawinski / 1d

Vanir automates the process of scanning source code to identify missing security patches.

How Art Appreciation Supplements Cybersecurity Skills

by Joshua Goldfarb / 1d

Using different parts of our brains gives us different perspectives on the world around us and new approaches to the problems we face in security.

Millionaire Airbnb Phishing Ring Busted Up by Police

Eight arrested in phone phishing

•

by Becky Bracken, Senior Editor, Dark Reading / 1d

Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.

Attackers Can Use QR Codes to Bypass Browser Isolation

10 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1d

•

Circumventing browser isolation security

Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.

Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure

Compromised software threatens US infrastructure

•

1d

New Fortress Information Security research shows 90% of software products used by critical infrastructure organizations contain code developed in China.

Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption

1d

More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent.

Large-Scale Incidents & the Art of Vulnerability Prioritization

by Audra Streetman / 1d

We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.

End of feed