Dark Reading
Dark Reading: Connecting the Information and Security Community

MinIO Attack Showcases Fresh Corporate Cloud Attack Vector

The open source object storage service was the target of a never-before-seen attack on corporate cloud services, which researchers said should put DevOps in particular on notice.

https://www.darkreading.com/cloud/minio-attack-corporate-cloud-attack-vector

Russia's 'Fancy Bear' APT Targets Ukrainian Energy Facility

The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.

https://www.darkreading.com/attacks-breaches/russia-fancy-bear-apt-ukrainian-energy-facility

Google's Souped-up Chrome Store Review Process Foiled by Data-Stealer

Researchers have discovered that despite Google's adoption of the Manifest V3 security standard to protect against malicious plug-ins, attackers can still get bad extensions past its review process.

https://www.darkreading.com/application-security/google-chrome-store-review-process-data-stealer

Securing Your Legacy: Identities, Data, and Processes

Legacy systems of all kinds pose significant cybersecurity risks. Here's how to mitigate them.

https://www.darkreading.com/vulnerabilities-threats/securing-your-legacy-identities-data-and-processes

LockBit Leaks Documents Filched From UK Defense Contractor

A company that builds physical perimeter defenses failed to keep the LockBit group from penetrating its cyber defenses.

https://www.darkreading.com/attacks-breaches/lockbit-leaks-documents-filched-from-uk-defence-contractor

Researchers Discover Critical Vulnerability in PHPFusion CMS

No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.

https://www.darkreading.com/application-security/researchers-discover-critical-vulnerability-in-phpfusion-cms

GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool

GhostSec has made the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.

https://www.darkreading.com/dr-global/ghostsec-source-code-alleged-iranian-surveillance-tool

Peiter 'Mudge' Zatko Lands Role as CISA Senior Technical Adviser

The former hacker and Twitter security executive will use his role to help fulfill the Biden administration's plans for the National Cybersecurity Strategy.

https://www.darkreading.com/careers-and-people/peiter-mudge-zatko-lands-role-as-cisa-senior-technical-

Hackers Target High-Privileged Okta Accounts via Help Desk

Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.

https://www.darkreading.com/cloud/hackers-target-high-privileged-okta-accounts-via-help-desk

Data Initiatives Force Closer Partnership Between CISOs, CDOs

Though security leaders and chief data officers both care about data management, their different missions have created a tension that needs addressing.

https://www.darkreading.com/risk/data-initiatives-force-closer-partnership-ciso-cdo

Russia Undertakes Disinformation Campaign Across Africa

Following coups in some African nations, Russia is exploiting instability with manipulation of media channels.

https://www.darkreading.com/dr-global/russia-undertakes-disinformation-campaign-across-africa-follwnfg-coups

How Companies Can Cope With the Risks of Generative AI Tools

To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.

https://www.darkreading.com/vulnerabilities-threats/how-companies-can-cope-risk-generative-ai-tools

Name That Edge Toon: Prized Possessions

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

https://www.darkreading.com/edge-articles/name-that-edge-toon-prized-collection

As LotL Attacks Evolve, So Must Defenses

Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.

https://www.darkreading.com/vulnerabilities-threats/as-lotl-attacks-evolve-so-must-defenses

Realism Reigns on AI at Black Hat and DEF CON

Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings.

https://www.darkreading.com/omdia/realism-reigns-on-ai-at-black-hat-and-def-con

Facing Third-Party Threats With Non-Employee Risk Management

As businesses continue to grapple with third-party threats, a revamped approach to non-employee risk management can help limit their potential exposure.

https://www.darkreading.com/risk/facing-third-party-threats-with-non-employee-risk-management