The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
| | | LATEST SECURITY NEWS & COMMENTARY | | Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited. US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet Killnet calls on other groups to launch similar attacks against US civilian infrastructure, including marine terminals and logistics facilities, weather monitoring centers, and healthcare systems. WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod Among other things, users who download the app could end up having their WhatsApp account details stolen. Email Defenses Under Siege: Phishing Attacks Dramatically Improve About 1 in 5 phishing email messages reach workers' inboxes, as attackers get better at dodging Microsoft's platform defenses and defenders run into processing limitations. Emotet Rises Again With More Sophistication, Evasion An analysis of the malware and its infection strategies finds nearly 21,000 minor and 139 major variations on the malware — complexity that helps it dodge analysis. AI and Residual Finger Heat Could Be a Password Cracker's Latest Tools New research demonstrates the use of thermal camera images of keyboards and screens in concert with AI to correctly guess computer passwords faster and more accurately. Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users Some 400 mobile apps have posed as legitimate software on Google Play and the Apple App Store over the past year, and were designed to steal Facebook user credentials. Hackers Have It Out for Microsoft Email Defenses Cybercriminals are focusing more and more on crafting special email attacks that evade Microsoft Defender and Office security. 6 Things Every CISO Should Do the First 90 Days on the Job A CISO's responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago. Proposed SEC Disclosure Rules Could Transform Cyber-Incident Response It's not too early for firms to start preparing for change. School Is in Session: 5 Lessons for Future Cybersecurity Pros Opportunities in the field continue to grow — and show no signs of slowing down. Thoma Bravo to Acquire ForgeRock in $2.3B Deal This marks the third identity and access management (IAM) company acquired by Thoma Bravo in just the past few months. KnowBe4 to Be Acquired for $4.6B by Private Equity Firm Vista Vista Equity Partners plans take the publicly traded security-awareness training vendor private. OT Cybersecurity Leader Paul Brager Passes Away The IT security executive led ICS/OT, IT/OT integration, and other security programs, as well as diversity and inclusion efforts in the industry. Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln The bug is under active exploitation; Fortinet issued a customer advisory urging customers to apply its update immediately. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
