Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office, .Net, and Azure Active Directory, among others.
Follow Dark Reading:
 July 13, 2023
LATEST SECURITY NEWS & COMMENTARY
Microsoft Discloses 5 Zero-Days in Voluminous July Security Update
Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office, .Net, and Azure Active Directory, among others.
Apple's Rapid Zero-Day Patch Causes Safari Issues, Users Say
Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts.
Chinese APT Cracks Microsoft Outlook Emails at 25 Government Agencies
Foreign state-sponsored actors likely had access to privileged state emails for weeks, thanks to a token validation vulnerability.
Hackers Exploit Policy Loophole in Windows Kernel Drivers
Using open source tools, attackers target Chinese speakers with malicious drivers with expired certificates, potentially allowing for full system takeover.
Amazon Prime Day Draws Out Cyber Scammers
Cybercriminals lining up to score off Amazon Prime Day shoppers, who spent more than $22B in US online sales alone last year, according to estimates.
Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign
An attack involves a multistage infection chain with custom malware hosted on Amazon EC2 that ultimately steals critical system and browser data; so far, targets have been located in Latin America.
'ScarletEel' Hackers Worm Into AWS Cloud
A toolset upgrade is making ScarletEel more slippery than ever while it continues to manipulate the cloud to perform cryptojacking, DDoS, and more.
Google Searches for 'USPS Package Tracking' Lead to Banking Theft
Attackers are leveraging well-executed brand impersonation in a Google ads malvertising effort that collects both credit card and bank details from victims.
MOVEit Transfer Faces Another Critical Data-Theft Bug
Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk
C-suite security leaders are feeling less prepared to cope with cyberattacks and more at risk than last year.
Top Takeaways From Table Talks With Fortune 100 CISOs
As organizations struggle to keep up with new regulations and hiring challenges, chief information security officers share common challenges and experiences.
How to Put Generative AI to Work in Your Security Operations Center
Generative AI is the cybersecurity resource that never sleeps. Here are some of the ways security-focused generative AI can benefit different members of the SOC team.
Ransomware, From a Different Perspective
A good backup strategy can be effective at mitigating a ransomware attack, but how many organizations consider that their backup data can also be targeted?
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic
Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advises.

Can Generative AI Be Trusted to Fix Your Code?
Not yet — but it can help make incremental progress in reducing vulnerability backlogs.

Zero Trust Keeps Digital Attacks From Entering the Real World
Amid IT/OT convergence, organizations must adopt an "assume breach" mindset to stop bad actors and limit their impact.

MORE
EDITORS' CHOICE
Spyware Gamed 1.5M Users of Google Play Store
Malware spoofed file management applications thanks to elevated permissions, enabling exfiltration of sensitive data with no user interaction, researchers find.
LATEST FROM DR TECHOLOGY

Microsoft Expands Entra Into Secure Service Edge
Among a handful of product announcements are two new offerings — Entra Internet Access and Entra Private Access — plus Azure AD has been renamed.
LATEST FROM THE EDGE

10 Features an API Security Service Needs to Offer
Securing APIs is specialized work. Here's what organizations should look for when selecting an outside partner.
LATEST FROM DR GLOBAL

APT35 Develops Mac Bespoke Malware
Iran-linked APT35 group crafted specific Mac malware when targeting a member of the media with new tools to add backdoors.
WEBINARS
  • Finding a Backup Strategy That Works For You

    You've been hit with a ransomware, DDoS, natural disaster, or destructive cyberattack. One of the first questions: can we get our data back? Good back-ups are key to business continuity and disaster recovery, but backing up your data in preparation ...

  • Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy

    Threat intelligence -- collecting data about broad trends in online attacks -- helps security teams improve their defenses by identifying online exploits that have the potential to hit their organizations and to prioritize their security resources accordingly. But how should ...

View More Dark Reading Webinars >>
WHITE PAPERS
FEATURED REPORTS
  • Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

    The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

  • Shoring Up the Software Supply Chain Across Enterprise Applications

    Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

View More Dark Reading Reports >>
PRODUCTS & RELEASES
CURRENT ISSUE
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.