Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.
Follow Dark Reading:
 December 15, 2022
LATEST SECURITY NEWS & COMMENTARY
Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.
Uber Breached, Again, After Attackers Compromise Third-Party Cloud
Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.
Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.
3 Ways Attackers Bypass Cloud Security
At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud.
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
Metaparasites & the Dark Web: Scammers Turn on Their Own
Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users.
Rash of New Ransomware Variants Springs Up in the Wild
Vohuk, ScareCrow, and AESRT add to the ransomware chaos that organizations have to contend with on a daily basis.
Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response
More than 10 days after a ransomware attack, affected Rackspace customers are being told the incident had a "limited impact," and have been invited to a webinar for additional details.
Where to Find the Best Open Source Security Technology
A free resource, updated monthly, lists the most-popular, highly rated OSS projects.
The Cybersecurity Industry Doesn't Have a Stress Problem — It Has a Leadership Problem
Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority.
CSAF Is the Future of Vulnerability Management
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.
Phishing in the Cloud: We're Gonna Need a Bigger Boat
SasS security is everyone's problem.
When Companies Compensate the Hackers, We All Foot the Bill
Ensuring stronger in-house defenses is integral to retaining customer loyalty.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Accelerating Vulnerability Identification and Remediation
Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.

How Our Behavioral Bad Habits Are a Community Trait and Security Problem
Learn to think three moves ahead of hackers so you're playing chess, not checkers. Instead of reacting to opponents' moves, be strategic, and disrupt expected patterns of vulnerability.

How Naming Can Change the Game in Software Supply Chain Security
A reliance on CPE names currently makes accurate searching for high-risk security vulnerabilities difficult.

MORE
EDITORS' CHOICE
Popular WAFs Subverted by JSON Bypass
Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.
LATEST FROM THE EDGE

Cybersecurity Drives Improvements in Business Goals
Deloitte's Future of Cyber study highlights the fact that cybersecurity is an essential part of business success and should not be limited to just mitigating IT risks.
LATEST FROM DR TECHNOLOGY

Google Launches Scanner to Uncover Open Source Vulnerabilities
OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang
Epic Management Provides Notice of Data Security Incident
Niels Provos Joins Lacework as Head of Security Efficacy
Keysight Announces 400GE Network Cybersecurity Test Platform
Google Cloud and Palo Alto Networks Team to Protect the Modern Workforce
Third Annual Global CISO Report Identifies Significant Shifts in Hiring and Retaining Security Talent
Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis
KnowBe4 Supports Metaverse Safety Week
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Creating an Effective Incident Response Plan
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us