Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well. [TechWeb]( Follow Dark Reading: [RSS]( June 12, 2024 LATEST SECURITY NEWS & COMMENTARY [Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover]( CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well. [WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access]( The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn. [RansomHub Brings Scattered Spider Into Its RaaS Fold]( The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation. [The CEO Is Next]( If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity. [Canada & UK Partner in Joint 23andMe Data Breach Investigation]( The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk. [Blood Shortages Hit London Hospitals After Ransomware Attack]( Operations at Synnovis medical labs have been disrupted for more than a week, prompting the NHS to implore the public to donate blood. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft Modifies 'Recall' AI Feature Amid Privacy, Security Failings]( In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns? [Understanding Security's New Blind Spot: Shadow Engineering]( In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it. [Is a US Nationwide Privacy Law Really Coming?]( If passed, APRA will be a giant leap forward for the rights and freedoms of Americans. [Snowflake Cloud Accounts Felled by Rampant Credential Issues]( A threat actor has accessed data belonging to at least 165 organizations using valid credentials to their Snowflake accounts, thanks to no MFA and poor password hygiene. [CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering. [MORE]( PRODUCTS & RELEASES [Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility]( [Darktrace Launches Managed Detection & Response Service to Bolster Security Operations]( [DNSFilter Welcomes Cisco Veteran TK Keanini As CTO]( [Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [New York Times Internal Data Nabbed From GitHub]( The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed. LATEST FROM THE EDGE [Process to Verify Software Was Built Securely Begins Today]( The US government launched a self-attestation form asking software developers to affirm their software was developed securely. Compliance starts today for software used in critical infrastructure. LATEST FROM DR TECHNOLOGY [Fortinet Plans to Acquire Lacework]( Lacework has been looking for a buyer for some time, and this deal gives Fortinet a boost in the cloud security space. LATEST FROM DR GLOBAL [Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams]( Greater collaboration between financial and law enforcement officials is needed to dismantle cybercrime scam centers in Cambodia, Laos, and Myanmar, which rake in tens of billions of dollars annually — and affect victims worldwide. WEBINARS - [Empowering Developers, Automating Security: The Future of AppSec]( - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023]( - [Google Threat Intelligence]( - [2024 InformationWeek US IT Salary Report]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [SecOps Checklist]( - [Purple AI Datasheet]( - [2023 Global Threat Report]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [2023 Global Threat Report]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124015&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.12.24&sp_cid=53925&utm_content=DR_NL_Dark%20Reading%20Daily_06.12.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#60 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)