Dark Reading Weekly -- June 15, 2023

XSS Vulnerabilities Found in Microsoft Azure Cloud Services

Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions.

Microsoft Fixes 69 Bugs, but None Are Zero-Days

The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.

Cl0P Gang Sat on Exploit for MOVEit Flaw for Nearly 2 Years

Over that time, the group carried multiple tests to see if the exploit worked and to identify potential victims. It was like "turning the doorknob" to check for access, a researcher says.

Brand-New Security Bugs Affect All MOVEit Transfer Versions

Progress has issued a second patch for additional SQL flaws that are distinct from the zero-day that the Cl0p ransomware gang is exploiting.

Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks

Microsoft says Cadet Blizzard wielded a custom wiper malware in the weeks leading up to Russia's invasion of Ukraine, and it remains capable of wanton destruction.

Analysis: Social Engineering Drives BEC Losses to $50B Globally

Threat actors have grown increasingly sophisticated in applying social engineering tactics against their victims, which is key to this oft-underrated cybercriminal scam's success.

Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs

Mandiant's ongoing investigation of UNC3886 has uncovered new details of threat actors' TTPs.

Researchers Report First Instance of Automated SaaS Ransomware Extortion

The attack highlights growing interest among threat actors to target data from software-as-a-service providers.

It's time to include messaging tool security in your cloud security program. Good first steps include tightening filter parameters on Slack and Teams.

Why Critical Infrastructure Remains a Ransomware Target

While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks.

5 Tips for Modernizing Your Security Operations Center Strategy

A solid, dependable SOC strategy that is scalable in the face of various security threats is essential to reduce cybersecurity risks to your business.

Doing Less With Less: Focusing on Value

Always reach for defense in depth with proposed security changes. Measure and test results, focus on items of greatest impact, and get C-suite members involved to drive better outcomes.

The Growing Cyber Threats of Generative AI: Who's Accountable?

In the wrong hands, malicious actors can use chatbots to unleash sophisticated cyberattacks that could have devastating consequences.

Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4

With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.

LATEST FROM THE EDGE

3 Elite Communication Skills to Help Security Pros Get Projects Funded

It's not enough to know how to better protect the enterprise — you have to be able to convince decision-makers that your plans are necessary.

LATEST FROM DR TECHNOLOGY

Passkeys See Fresh Momentum With New Pilot Programs

Apple adds API that will enable sharing of passkeys across platforms, and Google offers passkey authentication in beta for Google Workspace and Google Cloud.

LATEST FROM DR GLOBAL

'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware

Surveillance malware targets Libyan government entities, with possible links to a 2019 Egypt attack campaign.

How to Use Threat Intelligence to Mitigate Third-Party Risk