April 11, 2024
LATEST SECURITY NEWS & COMMENTARY
[Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk](
Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."
[Round 2: Change Healthcare Targeted in Second Ransomware Attack](
RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.
[XZ Utils Scare Exposes Hard Truths About Software Security](
Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.
[Home Depot Hammered by Supply Chain Data Breach](
SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.
[Critical Bugs Put Hugging Face AI Platform in a 'Pickle'](
One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.
[Top MITRE ATT&CK Techniques and How to Defend Against Them](
A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them.
[Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection](
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
[NSA Updates Zero-Trust Advice to Reduce Attack Surfaces](
Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.
[Medusa Gang Strikes Again, Hits Nearly 300 Fort Worth Property Owners](
Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang.
[Attack on Consumer Electronics Manufacturer boAt Leaks Data on 7.5M Customers](
In a cyberattack more reminiscent of the 2010s, a seemingly lone hacker fleeced a major corporation for millions of open customer records.
[How CISOs Can Make Cybersecurity a Long-Term Priority for Boards](
Cybersecurity is far more than a check-the-box exercise. To create companywide buy-in, CISOs need to secure board support, up their communication game, and offer awareness-training programs to fight social engineering and help employees apply what they've learned.
[The Fight for Cybersecurity Awareness](
Investing in cybersecurity skills creates a safer digital world for everyone.
[How Nation-State DDoS Attacks Impact Us All](
Global organizations and geopolitical entities must adopt new strategies to combat the growing sophistication in attacks that parallel the complexities of our new geopolitical reality.
HOT TOPICS
[Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply](
We are potentially encroaching on a water supply crisis if data center operators, utilities, and the government don't implement preventative measures now.
[Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware](
We need more than "do-it-yourself" approaches to threats that clearly rise to the level of national security issues.
[White House's Call for Memory Safety Brings Challenges, Changes & Costs](
Improving security in the applications that drive the digital economy is a necessary undertaking, requiring ongoing collaboration between the public and private sectors.
PRODUCTS & RELEASES
- [National Security Agency Announces Dave Luber As Director of Cybersecurity](
- [Wiz Acquires Gem Security to Expand Cloud Detection and Response Offering](
- [MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals](
- [ESET Launches a New Solution for Small Office/Home Office Businesses](
- [Action1 Unveils 'School Defense' Program To Help Small Educational Institutions Thwart Cyberattacks](
- [Wyden Releases Draft Legislation to End Federal Dependence on Insecure, Proprietary Software](
EDITORS' CHOICE
[CISO Corner: Ivanti's Mea Culpa; World Cup Hack; CISOs & Cyber Awareness](
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Dealing with a Ramadan cyber spike; funding Internet security; and Microsoft's Azure AI changes.
LATEST FROM THE EDGE
[Google Gives Gemini a Security Boost](
Google has integrated Mandiant's security offerings into its AI platform to detect, stop, and remediate cybersecurity attacks as quickly as possible.
LATEST FROM DR TECHNOLOGY
[Ambitious Training Initiative Taps Talents of Blind and Visually Impaired](
Novacoast's Apex Program prepares individuals with visual impairments for cybersecurity careers.
LATEST FROM DR GLOBAL
[Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms](
An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.
WEBINARS
- [Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy](
- [Defending Against Today's Threat Landscape with MDR](
WHITE PAPERS
- [Application Security's New Mandate in a DevOps World](
- [Making Sense of Your Security Data: The 6 Hardest Problems](
- [The State of Incident Response](
- [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions](
- [Demystifying Zero Trust in OT](
- [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE](
- [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions](
FEATURED REPORTS
- [Industrial Networks in the Age of Digitalization](
- [Zero-Trust Adoption Driven by Data Protection](
- [How Enterprises Assess Their Cyber-Risk](
Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA