In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
Follow Dark Reading:
 September 14, 2022
LATEST SECURITY NEWS & COMMENTARY
Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
ShadowPad Threat Actors Return With Fresh Government Strikes, Updated Tools
Cyber spies are using legitimate apps for DLL sideloading, deploying an updated range of malware, including the new "Logdatter" info-stealer.
Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign
Facebook lead-generation forms are being repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers.
Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.
U-Haul Customer Contract Search Tool Compromised
Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.
Business Security Starts With Identity
How identity-centric security can support business objectives.
Name That Toon: Shiver Me Timbers!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise
A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy
The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.

Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats
Users must continually be made aware of new threats, including attacks targeting shipping, the supply chain, email, and hybrid workers.

MORE
EDITORS' CHOICE
Attackers Can Compromise Most Cloud Data in Just 3 Steps
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.
LATEST FROM THE EDGE

Key Takeaways From the Twitter Whistleblower's Testimony
Twitter did not know what data it had nor who had access to it, Peiter "Mudge" Zatko told Congressional lawmakers during a Senate panel hearing.
LATEST FROM DR TECHNOLOGY

Bishop Fox Releases Cloud Enumeration Tool CloudFox
CloudFox is a command-line tool to help penetration testers understand unknown cloud environments.
WEBINARS
  • Understanding Cyber Attackers & Their Methods

    Every day, your enterprise is at risk of being hacked. But just who are the cyber attackers, and what are their motivations? What methods might they use to crack enterprise data, and how do they stage their attacks? Do you ...

  • Emerging Cyber Vulnerabilities That Every Enterprise Should Know About

    Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest-and potentially most impactful-vulnerabilities that have been discovered/...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes
Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data
Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Ransomware Resilience and Response: The Next-Generation
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022   |   Informa Tech  |   Privacy Statement   |   Terms & Conditions  |  Contact Us