Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details. [TechWeb]( Follow Dark Reading: [RSS]( May 20, 2024 LATEST SECURITY NEWS & COMMENTARY [Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days]( A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details. [CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: DR's podcast on the CISO & the SEC; breaking down CISA's Secure by Design Pledge; Singapore puts cloud providers on notice. [Intel Discloses Max Severity Bug in Its AI Model Compression Software]( The improper input validation issue in Intel Neural Compressor enables remote attackers to execute arbitrary code on affected systems. [CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules]( Most companies still can't determine whether a breach is material within the four days mandated by the SEC, skewing incident response. [Whose Data Is It Anyway? Equitable Access in Cybersecurity]( Cybersecurity cannot be solely about defending against threats; it must also empower organizations with their data. [(Sponsored Article) AI-Generated Code: A New Link in the Software Supply Chain]( Companies must apply the lessons learned from securing the open source software supply chain to the code they're generating with AI. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Patch Now: Another Google Zero-Day Under Exploit in the Wild]( Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week. [The Fall of the National Vulnerability Database]( Since its inception, three key factors have affected the NVD's ability to classify security concerns — and what we're experiencing now is the result. [Microsoft Windows DWM Zero-Day Poised for Mass Exploit]( CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors. [MORE]( PRODUCTS & RELEASES [87% of DDoS Attacks Targeted Windows OS Devices in 2023]( [Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings]( [Notice of a Data Breach]( [Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [US AI Experts Targeted in SugarGh0st RAT Campaign]( Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group. LATEST FROM THE EDGE [CISO as a CTO: When and Why It Makes Sense]( Enterprises are increasingly recognizing that a CISO's skills and experience building risk-based cyber programs translate well to other C-suite positions. LATEST FROM DR TECHNOLOGY [CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit]( IBM's abrupt divestiture of QRadar SaaS underscores the consolidation of SIEM, XDR, and AI technologies into unified platforms. LATEST FROM DR GLOBAL [400K Linux Servers Recruited by Resurrected Ebury Botnet]( Cryptocurrency theft and financial fraud are the new M.O. of the 15-year-old malware operation that has hit organizations around the globe. WEBINARS - [Why Effective Asset Management is Critical to Enterprise Cybersecurity]( - [Securing Code in the Age of AI]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Generative AI Gifts]( - [Shining a light in the dark: observability and security, a SANS profile]( - [Shining a light in the dark: observability and security, a SANS profile]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [Industrial Networks in the Age of Digitalization]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123585&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.20.24&sp_cid=53561&utm_content=DR_NL_Dark%20Reading%20Daily_05.20.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#fd If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)