Goodbye? Attackers Can Bypass ‘Windows Hello’ Strong Authentication – Dark Reading
Accenture researcher undercut WHfB’s default authentication using open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework. – Read More
Cyber
CrowdStrike failure: What you need to know – CSO Online
Cybersecurity vendor CrowdStrike initiated a series of computer system outages across the world on Friday, July 19, disrupting nearly every industry and sowing chaos at airports, financial institutions, and healthcare…
Sprawling CrowdStrike Incident Mitigation Showcases Resilience Gaps – Dark Reading
A painful recovery from arguably one of the worst IT outages ever continues, and the focus is shifting to what can be done to prevent something similar from happening again.…
Attackers Exploit ‘EvilVideo’ Telegram Zero-Day to Hide Malware – Dark Reading
An exploit sold on an underground forum requires user action to download an unspecified malicious payload. – Read More
Wanted: A SBOM Standard to Rule Them All – Dark Reading
A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security. – Read More
Shocked, Devastated, Stuck: Cybersecurity Pros Open Up About Their Layoffs – Dark Reading
Here’s a dose of reality from those on the frontlines and how they’re coping. – Read More
Chinese Hackers Target Taiwan and US NGO with MgBot Malware – The Hacker News
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools.…
Google abandons plans to drop third-party cookies in Chrome – CSO Online
As a major update to Chrome’s new cross-site tracking protection policy, Google announced that it is no longer considering dropping support for third-party cookies. Third-party cookies, which refer to the…
New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure – The Hacker News
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the…
Wiz shocks the tech world as it rejects Google’s $23 billion bid – CSO Online
In a surprising turn of events, Israeli cybersecurity startup Wiz has decided to end its acquisition talks with Google-parent Alphabet, which would have resulted in a $23 billion deal, the…
How to Securely Onboard New Employees Without Sharing Temporary Passwords – The Hacker News
The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to…
Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files – The Hacker News
Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a…
NHIs may be your biggest — and most neglected — security hole – CSO Online
Non-human identities (NHIs) have been a staple of enterprise IT for decades. Giving digital components credentials to access IT networks and devices, as IT would a human user, is key…
Chinese APT group Daggerfly revamps malware toolkit with new backdoors – CSO Online
Researchers have linked a previously unattributed Mac backdoor and a new Windows Trojan to a Chinese APT group known as Daggerfly that has been around for over a decade and…
Early IT takeaways from the CrowdStrike outage – CSO Online
Whether you’ve survived the CrowdStrike incident or didn’t use CrowdStrike and are merely seeing the impact to others, taking time to learn lessons from this event is vital. After all,…