Memory Safety Is Key to Preventing Hardware Hacks – Dark Reading
Spectre and Meltdown exposed just how easy a target computer memory was for attackers. Several efforts are underway to protect memory. – Read More
Dark Reading
CrowdStrike’s Legal Pressures Mount, Could Blaze Path to Liability – Dark Reading
Following the July 19 outages caused by a bad update, the cybersecurity firm faces shareholder lawsuits and pressure to pay damages for at least one major customer, Delta Airlines. Will…
How to Weaponize Microsoft Copilot for Cyberattackers – Dark Reading
At Black Hat USA, security researcher Michael Bargury released a “LOLCopilot” ethical hacking module to demonstrate how attackers can exploit Microsoft Copilot — and offered advice for defensive tooling. –…
Microsoft on CISOs: Thriving Community Means Stronger Security – Dark Reading
Microsoft execs detailed the company’s reaction to the CrowdStrike incident and emphasized the value of a collective identity. – Read More
‘0.0.0.0 Day’ Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk – Dark Reading
Attackers can use a seemingly innocuous IP address to exploit localhost APIs to conduct a range of malicious activity, including unauthorized access to user data and the delivery of malware.…
Building an Effective Strategy to Manage AI Risks – Dark Reading
As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can’t expect to achieve strong AI governance while working in isolation. – Read More
SaaS Apps Present an Abbreviated Kill Chain for Attackers – Dark Reading
Black Hat presentation reveals adversaries don’t need to complete all seven stages of a traditional kill chain to achieve their objectives. – Read More
Critical AWS Vulnerabilities Allow S3 Attack Bonanza – Dark Reading
Researchers at Aqua Security discovered the “Shadow Resource” attack vector and the “Bucket Monopoly” problem, where threat actors can guess the name of S3 buckets based on their public account…
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins – Dark Reading
Invisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the way for complete takeover. – Read More
Monitoring Changes in KEV List Can Guide Security Teams – Dark Reading
The number of additions to the Known Exploited Vulnerabilities catalog is growing quickly, but even silent changes to already-documented flaws can help security teams prioritize. – Read More
CrowdStrike Will Give Customers Control Over Falcon Sensor Updates – Dark Reading
The security vendor has also implemented several changes to protect against the kind of snafu that crashed 8.5 million Windows computers worldwide last month. – Read More
Knostic Wins 2024 Black Hat Startup Spotlight Competition – Dark Reading
During a “Shark Tank”-like final, each startup’s representative spent five minutes detailing their company and product, with an additional five minutes to take questions from eight judges from Omdia, investment…
Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App – Dark Reading
The evolving malware is targeting hospitality and other B2C workers in Canada and Europe with capabilities that can evade Android 13 security restrictions. – Read More
Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy – Dark Reading
Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA ways it could unleash insecure chatbots. – Read More
The API Security Crisis: Why Your Company Could Be Next – Dark Reading
You’re only as strong as your weakest security link. – Read More