The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
Follow Dark Reading:
 October 13, 2022
LATEST SECURITY NEWS & COMMENTARY
Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched
The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet
Killnet calls on other groups to launch similar attacks against US civilian infrastructure, including marine terminals and logistics facilities, weather monitoring centers, and healthcare systems.
WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod
Among other things, users who download the app could end up having their WhatsApp account details stolen.
Email Defenses Under Siege: Phishing Attacks Dramatically Improve
About 1 in 5 phishing email messages reach workers' inboxes, as attackers get better at dodging Microsoft's platform defenses and defenders run into processing limitations.
Emotet Rises Again With More Sophistication, Evasion
An analysis of the malware and its infection strategies finds nearly 21,000 minor and 139 major variations on the malware — complexity that helps it dodge analysis.
AI and Residual Finger Heat Could Be a Password Cracker's Latest Tools
New research demonstrates the use of thermal camera images of keyboards and screens in concert with AI to correctly guess computer passwords faster and more accurately.
Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users
Some 400 mobile apps have posed as legitimate software on Google Play and the Apple App Store over the past year, and were designed to steal Facebook user credentials.
Hackers Have It Out for Microsoft Email Defenses
Cybercriminals are focusing more and more on crafting special email attacks that evade Microsoft Defender and Office security.
6 Things Every CISO Should Do the First 90 Days on the Job
A CISO's responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago.
Proposed SEC Disclosure Rules Could Transform Cyber-Incident Response
It's not too early for firms to start preparing for change.
School Is in Session: 5 Lessons for Future Cybersecurity Pros
Opportunities in the field continue to grow — and show no signs of slowing down.
Thoma Bravo to Acquire ForgeRock in $2.3B Deal
This marks the third identity and access management (IAM) company acquired by Thoma Bravo in just the past few months.
KnowBe4 to Be Acquired for $4.6B by Private Equity Firm Vista
Vista Equity Partners plans take the publicly traded security-awareness training vendor private.
OT Cybersecurity Leader Paul Brager Passes Away
The IT security executive led ICS/OT, IT/OT integration, and other security programs, as well as diversity and inclusion efforts in the industry.
Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln
The bug is under active exploitation; Fortinet issued a customer advisory urging customers to apply its update immediately.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
7 IoT Devices That Make Security Pros Cringe
A look at everything from truly dumb smart devices to cool-looking IoT tech with huge cybersecurity and privacy implications.

Cloud Data Breaches Are Running Rampant. What Are the Common Characteristics?
Protecting against data breaches requires detailed analysis of recent attacks for remediation and prevention.

It's Time to Make Security an Innovation Enabler
How data-driven security can best safeguard your unique cloud operations.

MORE
EDITORS' CHOICE
Critical Open Source vm2 Sandbox Escape Bug Affects Millions
Attackers could exploit the "Sandbreak" security bug, which has earned a 10 out of 10 on the CVSS scale, to execute a sandbox escape, achieve RCE, and run shell commands on a hosting machine.
LATEST FROM THE EDGE

Credential Harvesting Is Retail Industry's Top Threat
Why bother with new tactics and exploits when the old tricks are still effective?
LATEST FROM DR TECHNOLOGY

Cybersecurity Will Account for Nearly One-Quarter of AI Software Market Through 2025
A boom in artificial intelligence-powered detection and remediation tools pushes security spending to the top of the AI market, according to Forrester.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
E-Commerce Losses to Online Payment Fraud to Exceed $48B Globally in 2023, as Fraud Incursions Evolve
Refund Fraud-as-a-Service Ads on Hacker Forums Increase by 60%
2 Out of 3 Companies See Zero Trust Network Access as Key to Mitigate Work-From-Anywhere Risks, According to New EMA Report
InterVision Announces Study Identifying Ransomware as No. 1 Threat to Business Longevity
Cybersecurity Survey of State CISOs Identifies Many Positive Trends
State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident
CyberRatings.org Invites Industry Participation in Forthcoming Enterprise Firewall and Data Center Firewall Tests
Delinea Releases 'Cloud Server Privilege Management for Dummies' eBook
Research Reveals Microsoft Teams Security and Backup Flaws, With Over Half of Users Sharing Business-Critical Information on the Platform
New SonicWall Survey Data Reveals 91% of Organizations Fear Ransomware Attacks in 2022
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Emerging Cyber Vulnerabilities That Every Enterprise Should Know About
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us