Microsoft customer service code exposed by Azure app service bug.

Accessed on 23 December 2021, 1432 UTC.

Views expressed in this cybersecurity summary are those of the reporters and correspondents.

Content provided by “Dark Reading Daily.”

Source:

https://mail.google.com/mail/u/0/?ogbl#inbox/FMfcgzGllVtJXVRpfVRkFbpkBbfZlKTl

Please click link or scroll down to read your selections.

Dark Reading Daily darkreading@nw.nwsltechwebresources.com Unsubscribe

4:07 AM (27 minutes ago)
to me
Follow Dark Reading:
 December 23, 2021
LATEST SECURITY NEWS & COMMENTARY
Microsoft Customer Source Code Exposed via Azure App Service Bug
Researchers found an insecure default behavior in Azure App Service exposing source code of some customer applications deployed using “Local Git.”
Nearly 50% of People Will Abandon Sites Prohibiting Password Reuse
A new study investigating consumer password use found 25% of online shoppers would abandon their carts of $100 if prompted to reset a password at checkout.
Log4j Reveals Cybersecurity’s Dirty Little Secret
Once the dust settles on Log4j, many IT teams will brush aside the need for the fundamental, not-exciting need for better asset and application management.
Future of Identity-Based Security: All-in-One Platforms or Do-It-Yourself Solutions?
The functionality of all-in-one platforms is being deconstructed into a smorgasbord of services that can be used to develop bespoke end-user security procedures for specific work groups, lines of businesses, or customer communities.
CISA’s New Log4j Scanner Aims to Find Vulnerable Apps
The open-sourced scanner was derived from scanners built by members across the open source community, CISA reports.

MORE NEWS / MORE COMMENTARY

HOT TOPICS
Preemptive Strategies to Stop Log4j and Its Variants
Zero trust is key to not falling victim to the next big vulnerability.
New Log4j Attack Vector Discovered
Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.
How Risky Is the Log4J Vulnerability?
Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really?

MORE

EDITORS’ CHOICE
93% of Tested Networks Vulnerable to Breach, Pen Testers Find
Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers.
LATEST FROM THE EDGE
Why We Need to Consolidate Digital Identity Management Before Zero Trust
Zero trust may be one of the hottest trends in cybersecurity, but just eliminating trust from networks isn’t enough to prevent successful organizational data breaches, says Wes Wright, CTO of Imprivata.
LATEST FROM DR TECHNOLOGY
How Do I Find My Servers With the Log4j Vulnerability?
This Tech Tip outlines how enterprises can use Canarytokens to find servers in their organization vulnerable to CVE-2021-44228.
Tech Resources
ACCESS TECH LIBRARY NOW
  • Beyond Spam and Phishing: Emerging Email-based ThreatsEven as enterprises adopt real-time messaging tools and platforms, email remains the hub of enterprise communications. Adversaries are increasingly targeting the enterprise email inbox, and security teams need to look further than just spam and phishing attacks. In this webinar, …
  • Cloud Security Strategies for Today’s EnterprisesThe typical enterprise relies on dozens, even hundreds, of cloud applications and services sprawled across different platforms and service providers. Security teams need to shoulder the responsibility of coordinating security and incident response and not leave it up to individual …
MORE WEBINARS
FEATURED REPORTS
MORE REPORTS
CURRENT ISSUE
How Data Breaches Affect the Enterprise
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Dark Reading Daily
— Published By Dark Reading
Informa Tech
303 Second St., Suite 900 South Tower, San Francisco, CA 94107
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don’t let future editions go missing. Take a moment to add the newsletter’s address to your anti-spam white list:
If you’re not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility’s documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2021  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.