Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office, .Net, and Azure Active Directory, among others.
| | | LATEST SECURITY NEWS & COMMENTARY | | Microsoft Discloses 5 Zero-Days in Voluminous July Security Update Fixes for more than 100 vulnerabilities affect numerous products, including Windows, Office, .Net, and Azure Active Directory, among others. Apple's Rapid Zero-Day Patch Causes Safari Issues, Users Say Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts. Chinese APT Cracks Microsoft Outlook Emails at 25 Government Agencies Foreign state-sponsored actors likely had access to privileged state emails for weeks, thanks to a token validation vulnerability. Hackers Exploit Policy Loophole in Windows Kernel Drivers Using open source tools, attackers target Chinese speakers with malicious drivers with expired certificates, potentially allowing for full system takeover. Amazon Prime Day Draws Out Cyber Scammers Cybercriminals lining up to score off Amazon Prime Day shoppers, who spent more than $22B in US online sales alone last year, according to estimates. Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign An attack involves a multistage infection chain with custom malware hosted on Amazon EC2 that ultimately steals critical system and browser data; so far, targets have been located in Latin America. 'ScarletEel' Hackers Worm Into AWS Cloud A toolset upgrade is making ScarletEel more slippery than ever while it continues to manipulate the cloud to perform cryptojacking, DDoS, and more. Google Searches for 'USPS Package Tracking' Lead to Banking Theft Attackers are leveraging well-executed brand impersonation in a Google ads malvertising effort that collects both credit card and bank details from victims. MOVEit Transfer Faces Another Critical Data-Theft Bug Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on. CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk C-suite security leaders are feeling less prepared to cope with cyberattacks and more at risk than last year. Top Takeaways From Table Talks With Fortune 100 CISOs As organizations struggle to keep up with new regulations and hiring challenges, chief information security officers share common challenges and experiences. How to Put Generative AI to Work in Your Security Operations Center Generative AI is the cybersecurity resource that never sleeps. Here are some of the ways security-focused generative AI can benefit different members of the SOC team. Ransomware, From a Different Perspective A good backup strategy can be effective at mitigating a ransomware attack, but how many organizations consider that their backup data can also be targeted? MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
