Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA
Dark Reading 21.11.2022 21:50
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections.
Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn
Dark Reading 21.11.2022 19:30
Here’s what that means about our current state as an industry, and why we should be happy about it.
MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles
Dark Reading 21.11.2022 18:10
Organizations that use the consensus principles can significantly improve their cyber resilience without raising costs, MIT research shows.
Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The Hacker News 21.11.2022 15:24
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee.
"Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery
Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
The Hacker News 21.11.2022 6:42
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012.
The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2.
Cobalt