Exploit for Critical Windows Defender Bypass Goes Public

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

1 year ago

Html
Text

Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.

Follow Dark Reading:

November 22, 2023

LATEST SECURITY NEWS & COMMENTARY

Exploit for Critical Windows Defender Bypass Goes Public Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November. DPRK Hackers Masquerade as Tech Recruiters, Job Seekers No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage. Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow. Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise. Inside Job: Cyber Exec Admits to Hospital Hacks Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business. AutoZone Files MOVEit Data Breach Notice With State of Maine The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant. Maximize Cybersecurity Returns: 5 Key Steps to Enhancing ROI Cybersecurity isn't a one-time task. It's an ongoing effort that needs regular checks, updates, and teamwork. (Sponsored Article) Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Amid Military Buildup, China Deploys Mustang Panda in the Philippines China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea. How the Evolving Role of the CISO Impacts Cybersecurity Startups CISOs and vendors must work together to keep up with emerging threats and find solutions, says a group of CISOs and security entrepreneurs. SEC Suit Ushers in New Era of Cyber Enforcement A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security. MORE

EDITORS' CHOICE

Malware Uses Trigonometry to Track Mouse Strokes The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected. LATEST FROM THE EDGE
The 7 Deadly Sins of Security Awareness Training Stay away from using these tactics when trying to educate employees about risk. LATEST FROM DR TECHNOLOGY
First Wave of Vulnerability-Fixing AIs Available for Developers GitHub joins a handful of startups and established firms in the market, but all the products are essentially "caveat developer" — let the developer beware. LATEST FROM DR GLOBAL
Major Saudi University to Offer AI, Cybersecurity Studies University of Jeddah partners with Resecurity to teach cybersecurity skills.

WEBINARS

Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing

Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ...

Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods

Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs, and tokens are all more vulnerable to attacks and social engineering than you realize. And one wrong move leaves you and your organization ...

View More Dark Reading Webinars >>

WHITE PAPERS

9 Traits You Need to Succeed as a Cybersecurity Leader The Ultimate Guide to the CISSP

View More White Papers >>

FEATURED REPORTS

Passwords Are Passe: Next Gen Authentication Addresses Today's Threats Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Lasso Security Emerges From Stealth With $6M Seed Funding for Gen AI and Advanced LLM Cybersecurity VicOne and Block Harbor Deliver Integrated Workflow-Based Cybersecurity System CompTIA Advises Retailers to Check their Cybersecurity Preparedness Ahead of the Holiday Shopping Season ALTR Closes $25M Series C Financing MORE PRODUCTS & RELEASES

CURRENT ISSUE

Key DevSecOps Principles for Enterprise Mobile App Development
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Achieving Optimal Security Outcomes Through Platformization Informationweek.com
16 hours ago
FEATURES EDITION | Microsoft Highlights Security Exposure Management at Ignite Informationweek.com
18 hours ago
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant Informationweek.com
Yesterday at 14:04

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines

Exploit for Critical Windows Defender Bypass Goes Public

Key DevSecOps Principles for Enterprise Mobile App Development

Share on

Other newsletters from Informationweek.com

Related newsletters

View other categories