Microsoft Fixes Exchange Server Zero-Day | How InfoSec Should Use the Minimum Viable Secure Product Checklist

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

3 years ago

Html
Text

Follow Dark Reading:

November 11, 2021

LATEST SECURITY NEWS & COMMENTARY

Microsoft Fixes Exchange Server Zero-Day November security update contains patches for 55 bugs — including six zero-days across various products. How InfoSec Should Use the Minimum Viable Secure Product Checklist Google and Salesforce executives discuss the need for the newly released MVSP, how tech companies came together to work on it, and how organizations should use it. ChaosDB: Researchers Share Technical Details of Azure Flaw Wiz researchers who discovered a severe flaw in the Azure Cosmos DB database discussed the full extent of the vulnerability at Black Hat Europe. US Charges Ukrainian National for Kaseya Ransomware Attack Yaroslav Vasinskyi is one of seven individuals believed to be responsible for deploying REvil ransomware in attacks against 5,000 organizations. API Security Issues Hinder Application Delivery A new survey explains why nearly all organizations experience API security problems to varying degrees. Dark Reading Video News Desk Comes to Black Hat Europe While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world. Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents It's the latest in a series of clever brand impersonation scams that use multiple vectors to lure victims. Securing the Public: Who Should Take Charge? International policy expert Marietke Schaake explores the intricacies of protecting the public as governments depend on private companies to build and secure digital infrastructure. 4 Tips to Secure the OT Cybersecurity Budget You Require OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late. Having Trouble Finding Cybersecurity Talent? You Might Be the Problem Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start. US Offers $10M Reward For ID, Location of DarkSide Leadership The State Department offers multimillion-dollar rewards for information related to the leaders and members involved in DarkSide ransomware. US Defense Contractor Discloses Data Breach Electronic Warfare Associates says an attackers infiltrated EWA email in August, which led to the exfiltration of files with personal data. MORE NEWS / MORE COMMENTARY


HOT TOPICS
CISA Issues New Directive for Patching Known Exploited Vulnerabilities The goal is to reduce civilian federal agency exposure to attacks that threat actors are actively using in campaigns, agency says. 4 Tips on How Small to Midsize Businesses Can Combat Cyberattacks The first step in improving your cybersecurity is understanding your risk of attack. How Is Zero Trust Different From Traditional Security? Unlike traditional security approaches, the zero-trust security model verifies a user's identity each and every time they need specific system access. MORE

EDITORS' CHOICE
To Secure DevOps, Security Teams Must be Agile The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure. LATEST FROM THE EDGE
Who's Minding Your Company's Crypto Decisions? Security teams must first evaluate security protocols and the reputation of the cryptocurrency payment platform before their companies can proceed to accept the alternative currency as payment. LATEST FROM DR TECHNOLOGY
3 Ways to Deal With the Trojan Source Attack These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors int source code.

Tech Resources

2021 Ransomware Threat Report 2021 Cyberthreat Defense Report Cyber-Resilience Is a Must Have in the Next Normal Unit 42 & ESG Incident Response Ebook The State of Cloud Guide to Enabling a Work from Anywhere Organization How five organizations are elevating WFH into a long-term strategy

ACCESS TECH LIBRARY NOW

Protecting Enterprise Data from Malicious Insiders

It's a sad truth: not all employees are nice. Corporate espionage, sabotage and other security incidents could be committed or aided by any insider with something to gain. How do you know when a once-trustworthy employee is about to do ...

Using Machine Learning, Deep Learning and Artificial Intelligence for Cybersecurity

A new wave of machine learning, deep learning, and artificial intelligence technology promises to help IT security operations teams detect cyber threats sooner and respond to them more quickly. But machine learning/Deep Learning/AI are used in a wide ...

MORE WEBINARS

FEATURED REPORTS

10 Hot Talks From Black Hat USA 2021 The State of Malware Threats

MORE REPORTS

CURRENT ISSUE

How Data Breaches Affect the Enterprise
DOWNLOAD THIS ISSUE	SUBSCRIBE NOW
BACK ISSUES \| MUST READS \| TECH DIGEST

PRODUCTS & RELEASES

83% of Critical Infrastructure Organizations Suffered Breaches, 2021 Cybersecurity Research Reveals CISA and State and Local Partners Test Emergency Response Plans at Chevron Salt Lake Refinery SafeBreach Closes $53.5 Million Series D in New Funding to Fuel Momentum Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated Banking Malware Threats Surging as Mobile Banking Increases – Nokia Threat Intelligence Report Coalfire Expands Application Security Vision With Major Upgrade to Application Security Platform, ThreadFix Valeo Networks Acquires On Time Tech, Accelerating National Growth Strategy MORE PRODUCTS & RELEASES

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech
303 Second St., Suite 900 South Tower, San Francisco, CA 94107

To update your profile, change your e-mail address, or unsubscribe, click here.

To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Beyond Washington, DC: The State of State-Based Data Privacy Laws Informationweek.com
15 hours ago
Faux ChatGPT, Claude API Packages Deliver JarkaStealer Informationweek.com
17 hours ago
Final Chance: Urgent Invite for December 3rd Informationweek.com
18 hours ago

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines

Microsoft Fixes Exchange Server Zero-Day | How InfoSec Should Use the Minimum Viable Secure Product Checklist

How Data Breaches Affect the Enterprise

Share on

Other newsletters from Informationweek.com

Related newsletters

View other categories