Microsoft Fixes 69 Bugs, but None Are Zero-Days

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

1 year ago

Html
Text

The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.

Follow Dark Reading:

June 14, 2023

LATEST SECURITY NEWS & COMMENTARY

Microsoft Fixes 69 Bugs, but None Are Zero-Days The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server. Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs Mandiant's ongoing investigation of UNC3886 has uncovered new details of threat actors' TTPs. Analysis: Social Engineering Drives BEC Losses to $50B Globally Threat actors have grown increasingly sophisticated in applying social engineering tactics against their victims, which is key to this oft-underrated cybercriminal scam's success. Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam Threat actors have created over 3,000 domains, some as old as two years, to lure in customers to false, name brand websites for personal financial gain. How Security Leaders Should Approach Cybersecurity Startups Vendors and buyers both have the power to make the industry a better place. What's needed is more collaboration, mutual support, and respect. Why Critical Infrastructure Remains a Ransomware Target While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks. (Sponsored Article) The Key to Zero Trust Identity Is Automation In a zero-trust world, a trusted identity is the key that unlocks access for people and devices to enter your enterprise’s key networks, systems, and resources. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Supply Chain Attack Defense Demands Mature Threat Hunting Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say. DOS Attacks Dominate, but System Intrusions Cause Most Pain In the latest Verizon "Data Breach Investigations Report," denial-of-service attacks are the most common type of security incident, but when it comes to breaches, nearly four-in-ten attackers compromise systems. Doing Less With Less: Focusing on Value Always reach for defense in depth with proposed security changes. Measure and test results, focus on items of greatest impact, and get C-suite members involved to drive better outcomes. MORE

EDITORS' CHOICE

Researchers Report First Instance of Automated SaaS Ransomware Extortion The attack highlights growing interest among threat actors to target data from software-as-a-service providers. LATEST FROM DR GLOBAL
'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware Surveillance malware targets Libyan government entities, with possible links to a 2019 Egypt attack campaign. LATEST FROM THE EDGE
Ways to Help Cybersecurity's Essential Workers Avoid Burnout To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment. LATEST FROM DR TECHNOLOGY
2 Lenses for Examining the Safety of Open Source SoftwareImproving the security of open source repositories while keeping malicious components out requires a combination of technology and people.

WEBINARS

Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy

Threat intelligence -- collecting data about broad trends in online attacks -- helps security teams improve their defenses by identifying online exploits that have the potential to hit their organizations and to prioritize their security resources accordingly. But how should ...

The Future is CNAPP: Cloud Security From Prevention To Threat Detection

Cloud-native development introduces unique attack vectors that are challenging to identify and are evolving rapidly. Join us as we take a deeper look into common cloud attack paths in the wild and discuss strategies for how to combat them before ...

View More Dark Reading Webinars >>

WHITE PAPERS

The Ultimate Guide to the CISSP Top 5 Reasons to Prioritize Privileged Access Management A Security Leader's Guide to Leveraging MDR for Security Maturity and Development 2023 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP) Top Ten Tips: Securing Multi-Cloud with Modern CSPM Cybersecurity in a post pandemic world: A focus on financial services Cybersecurity in 2023 and beyond: 12 leaders share their forecasts

View More White Papers >>

FEATURED REPORTS

How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...

Shoring Up the Software Supply Chain Across Enterprise Applications

Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Cycode Launches CI/CD Pipeline Monitoring Solution (Cimon) to Prevent Supply Chain Attacks Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Report Finds QuSecure Awarded US Army Contract for Post-Quantum Cybersecurity Solutions BioCatch Strengthens Collaboration With Microsoft Cloud for Financial Services MORE PRODUCTS & RELEASES

CURRENT ISSUE

How to Use Threat Intelligence to Mitigate Third-Party Risk
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Faux ChatGPT, Claude API Packages Deliver JarkaStealer Informationweek.com
an hour ago
Final Chance: Urgent Invite for December 3rd Informationweek.com
2 hours ago
Deals to Feast on This Thanksgiving 🥧 Informationweek.com
2 hours ago

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines

Microsoft Fixes 69 Bugs, but None Are Zero-Days

How to Use Threat Intelligence to Mitigate Third-Party Risk

Share on

Other newsletters from Informationweek.com

Related newsletters

View other categories