"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.
Follow Dark Reading:
 June 02, 2022
LATEST SECURITY NEWS & COMMENTARY
New Microsoft Zero-Day Attack Underway
"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.
Fighting Follina: Application Vulnerabilities and Detection Possibilities
Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.
FluBot Android Malware Operation Disrupted, Infrastructure Seized
Security researchers have described the malware as among the fastest-spreading mobile threats in recent years.
VMware, Airline Targeted as Ransomware Chaos Reigns
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.
EnemyBot Puts Enterprises in the Crosshairs With Raft of '1-Day' Bugs
EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.
Security at the Edge: Why It's Complicated
Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.
The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand
The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.
How to Keep Your Enterprise Safe From Digital Supply Chain Attacks
Digital supply chains are more vulnerable than ever; here's what you need to do to secure them.
12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists
The cloud instances were left open to the public Internet with no authentication, allowing attackers to wipe the data.
3.6M MySQL Servers Found Exposed Online
Researchers from Shadowserver recommend removing the servers from the Internet to shrink external attack surface.
Broadcom Snaps Up VMware in $61B Deal
Massive merger will put Broadcom's Symantec and VMware's Carbon Black under one roof.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Physical Security Teams' Impact Is Far-Reaching
Here's how physical security teams can integrate with the business to identify better solutions to security problems.

Microsoft Unveils Dev Box, a Workstation-as-a-Service
Microsoft Dev Box will make it easier for developers and hybrid teams to get up and running with workstations already preconfigured with required applications and tools.

6 Steps to Ensure Cyber Resilience
To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.

MORE
EDITORS' CHOICE

ChromeLoader Malware Hijacks Browsers With ISO Files
The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.
LATEST FROM THE EDGE

Biometric Data Offers Added Security — But Don't Lose Sight of These Important Risks
With rising fraud, businesses are seeking authentication methods that are security- and user-friendly. But with that comes a few complications.
LATEST FROM DR TECHNOLOGY

Meet the 10 Finalists in the RSA Conference Innovation Sandbox
This year's finalists tackle such vital security concerns as permissions management, software supply chain vulnerability, and data governance. Winners will be announced June 6.
Tech Resources
ACCESS TECH LIBRARY NOW

  • Using Threat Modeling to Improve Enterprise Cyber Defenses

    As enterprises deal with multiple threats coming in different forms, security teams are shifting to a risk-based security to handle these challenges. One of the key tools is threat modeling, a process intended to help identify potential weaknesses and prioritize ...

  • Harnessing the Power of Security Automation

    With many organizations pinched for both dollars and manpower, security and IT teams are turning to a new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. How can companies truly unleash the potential ...
MORE WEBINARS
FEATURED REPORTS
MORE REPORTS
CURRENT ISSUE

6 Elements of a Solid IoT Security Strategy
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Netenrich Debuts Resolution Intelligence Secure Digital Operations Platform at RSA 2022
ReliaQuest to Acquire Digital Shadows
Lookout Acquires SaferPass To Address The Rising Threat Of Identity Theft
New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada
Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacks and Adoption of Zero Trust Strategies
MORE PRODUCTS & RELEASES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us