The 49 CVEs in Microsoft's May security update is the lowest volume in nearly two years.
Follow Dark Reading:
 May 10, 2023
LATEST SECURITY NEWS & COMMENTARY
Microsoft Patches 2 Zero-Day Vulnerabilities
The 49 CVEs in Microsoft's May security update is the lowest volume in nearly two years.
FBI Disarms Russian FSB 'Snake' Malware Network
Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus.
SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack
The APT is exploiting a remote template injection flaw to deliver malicious documents that lure in government officials and other targets with topics of potential interest.
Royal Ransomware Expands to Target Linux, VMware ESXi
The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access.
Npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key
For years, hackers could have tricked enterprises into downloading malware by simply de-capitalizing letters in uppercase-named npm packages.
The Problem of Old Vulnerabilities — and What to Do About It
The vulnerabilities most often exploited by ransomware attackers are already known to us.
Keep Your Company Cyber Competent Without Adding Cyber Anxiety
With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity.
Justice Department Targets 13 Websites Linked to DDoS-for-Hire
Ten of the domains targeted today were "reincarnations" of services seized in December 2022.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
North Korean APT Uses Malicious Microsoft OneDrive Links to Spread New Malware
ReconShark, aimed at gaining initial access to targeted systems, is a component of previous malware used by the Kimsuky group.

Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges
Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.

Why the FTX Collapse Was an Identity Problem
Cryptocurrency has a valuable role to play in a Web3 world — but only if the public can fully trust it.

MORE
EDITORS' CHOICE
1M NextGen Patient Records Compromised in Data Breach
Company says a database was accessed by an "unknown third party" with stolen credentials.
LATEST FROM THE EDGE

Identifying Compromised Data Can Be a Logistical Nightmare
Being able to trace an incident backward from breach to data source is vital in restoring and improving cybersecurity.
LATEST FROM DR TECHNOLOGY

New Startup SquareX Targets Brower-Based Attacks
SquareX runs headless browsers in data centers on the user's behalf so that threats never reach the user's machine.
WEBINARS
  • Next-Generation Supply Chain Security

    Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ...

  • Securing the Remote Worker: How to Monitor and Mitigate Offsite Cyberattacks

    Even as the debate over return to work rages on, it is clear the enterprise network will never be the same. Remote work is now the norm, and many organizations have shifted to digital business models. Network architectures, and the ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

    Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

  • Successfully Managing Identity in Modern Cloud and Hybrid Environments

    Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Keeper Security Announces Minority Growth Equity Investment From Summit Partners
Privoro and Samsung Partner to Provide Trusted Control Over Smartphone Radios and Sensors
ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us