| LATEST SECURITY NEWS & COMMENTARY | Microsoft Warns of Vuln That Allowed Access to Azure Infrastructure Microsoft ran a five-year-old component that allowed vulnerability researchers to punch through the isolation that normally protects cloud tenants, researchers found. Nearly 50% of On-Premises Databases Have Vulnerabilities A network compromise shouldn't mean "game over" for corporate data, but survey data shows many companies fail to protect their crown jewels. REvil Ransomware Group's Sudden Re-emergence Sparks Concerns Some had hoped the notorious Russia-based group had been pressured to quit for good after a couple of especially egregious attacks on US targets earlier this year. Microsoft Patches MSHTML Vuln Among 66 CVEs This month's Patch Tuesday release addresses a remote code execution bug under active attack and a publicly known flaw in Windows DNS. API Security Startup Neosec Launches With $20.7M Series A Neosec, founded by the security experts behind LightCyber, aims to bring principles from extended detection and response to API security. How Your Printer Is Like Swiss Cheese Follow these best practices to avoid the security holes created by these often-overlooked, but ubiquitous, devices. Magecart: How Its Attack Techniques Evolved Shape-shifting Magecart has shown itself to be highly adaptable in its ability to compromise third-party websites, especially during the pandemic. Outlining Risks to the World's Vital Cyber-Physical Systems The key to protecting these systems is not only to ensure the control environment is secure and protected but also to deploy emerging technologies such as confidential computing. In the Hybrid Future, Secure Everything Like You're Never Going Back Security practices must change to reflect the reality that remote/hybrid work is the new norm. Here are three risk mitigation measures for a remote-first world. First Initiatives for the First National Cyber Director The US appointed Chris Inglis as the first National Cyber Director (NCD). Here are three key problems he must now address. Microsoft Lets Users Fully Remove Account Passwords Users can now delete passwords from their Microsoft account and instead use Windows Hello, Microsoft Authenticator, or physical security keys to log in. Apple Patches Zero-Days in iOS 14.8 Update An important security update addresses vulnerabilities in CoreGraphics and WebKit that may have been actively exploited. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly -- Published By Dark Reading Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 | To update your profile, change your e-mail address, or unsubscribe, click here. | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | We take your privacy very seriously. Please review our Privacy Statement. |
|
|