Vercel Employee's AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Lateral movement lets attackers reach more systems after entry; network segmentation, least privilege, and monitoring can limit its impact.
Search across headline titles and summaries.
Background for this topic.
Lateral movement is an attacker’s progress from an initially compromised device or account to other systems, accounts, or network segments. It commonly uses stolen credentials, remote administration services, shared drives, exposed management interfaces, or vulnerabilities. The objective may be to reach higher-value assets, obtain greater privileges, or establish access that supports data theft or disruption. Because these actions can resemble normal administration, a single endpoint compromise can become a broader intrusion without clear perimeter breaches.
The most relevant defenses limit both reach and credential reuse: segment networks and sensitive environments, apply least privilege, require strong authentication for administrative access, and remove unnecessary remote services. Monitor authentication patterns, new administrative relationships, unusual remote execution, and access between systems that rarely communicate; correlate these signals with endpoint and identity telemetry. Rapidly disabling compromised accounts, isolating affected hosts, and rotating exposed credentials can contain movement, while vulnerability management reduces exploitable paths that bypass authentication.
Weekly headline count for the current query.
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.
'Broadside' is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
In the latest Windows preview, Microsoft adds a feature — Administrator Protection — designed to prevent threat actors from easily escalating privileges and restrict lateral movement.
Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud.
Once attackers have control over a workload in the cluster, they can leverage access for lateral movement both inside the cluster and to external resources.
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.
Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.
A China-nexus cyber espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug — with severe threat of lateral movement, CISA warns.
Rick McElroy of VMware joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss lateral movement and cloud operations.
Detailing how extended IoT (xIoT) devices can be used at scale by attackers to establish persistence across networks and what enterprises should start doing about the risk.
The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed.
Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
New functionality further reduces the risk of lateral movement.
The ransomware group is using Qakbot to make the initial point of entry before moving laterally within an organization’s network.
Interactive intrusion campaigns jumped nearly 50%, while the breakout time between initial access and lateral movement shrank to less than 90 minutes, putting pressure on defenders to react quickly.
Unusually, SOVA, which targets US users, now allows lateral movement for deeper data access. Version 5 adds an encryption capability.