Attackers Already Exploiting Flaws in Microsoft's July Security Update

In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products. [TechWeb]( Follow Dark Reading: [RSS]( July 10, 2024 LATEST SECURITY NEWS & COMMENTARY [Attackers Already Exploiting Flaws in Microsoft's July Security Update]( In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products. [Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace]( The state-sponsored threat group is capable of exploiting fresh software vulnerabilities within hours of their initial discovery. [Google Targets Passkey Support to High-Risk Execs, Civil Society]( The tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys. [Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi]( The ransomware-as-a-service platform just rolled off the assembly line, also targets Windows, and uses Golang for cross-platform capabilities. [Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach]( Though the company reassures its users that customer funds were not accessed, the same cannot be said for customer information. [Trojanized jQuery Packages Spread via 'Complex' Supply Chain Attack]( The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks. [CISA Takedown of Ivanti Systems Is a Wake-up Call]( The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets. [(Sponsored Article) How the CISO Can Transform Into a True Cyber Hero]( Three steps that can help CISOs bring calm to incident response, redefine how they are perceived, and emerge as the hero in a cyber crisis. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS Reading Confidential: Meet the Ransomware Negotiators]( Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. [Cyber-Insurance Prices Plummet as Market Competition Grows]( Now may be a good time to find good deals on insurance coverage for ransomware and security incidents. [Deconstructing Security Assumptions to Ensure Future Resilience]( By breaking down fundamental assumptions, we can proactively plan for, and begin to achieve, future resilience. ['CloudSorcerer' Leverages Cloud Services in Cyber-Espionage Campaign]( The newly discovered APT's main weapon is a malware tool that can change behavior depending on the process in which it is running. [MORE]( PRODUCTS & RELEASES [2024 SANS SOC Survey Reveals Critical Trends and Technologies in Cyber Defense]( [Global Quantum Computing Market Expected to Reach $7.13B By 2031 As Data Protection Needs Increase]( [Implementing Zero Trust and Mitigating Risk: ISC2 Courses to Support Your Development]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Apple Geolocation API Exposes Wi-Fi Access Points Worldwide]( Beyond the devices that use them, Wi-Fi hubs themselves can leak interesting data, thanks to some quirks in Apple's geolocation system. LATEST FROM THE EDGE [5 Tips to Minimize the Costly Effects of Data Exfiltration]( The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here's how to limit the damage. LATEST FROM DR TECHNOLOGY [Cloud-Based Investigations Platform Targets Complexity in Incident Response]( Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work. LATEST FROM DR GLOBAL [Houthi-Aligned APT Targets Mideast Militaries With 'GuardZoo' Spyware]( Simple malware and simple TTPs play against a backdrop of complex geopolitical conflict in the Arab world. WEBINARS - [The CIOs Guide to Enhancing GRC in 2024]( When structured correctly, Governance, Risk, and Compliance (GRC) can enable enterprises to align IT and business goals, while mitigating risks and abiding by industry and government requirements. Effectively manage your resources and unify your enterprise by utilizing emerging technology that ... - [Smart Service Management]( Attend this webinar to get real-life examples of how teams are expediting response time, decreasing team drain, and increasing self-service adoption. [View More Dark Reading Webinars >>]( WHITE PAPERS - [Decode the New SEC Cybersecurity Disclosure Ruling]( - [Threat Hunting's Evolution:From On-Premises to the Cloud]( - [The Three-Point Action Plan for new CISOs]( - [Data Protection Essentials: Proactive PII Leak Prevention and Data Mapping for GDPR]( - [How Cyber Threat Intelligence Empowers the C-Suite]( - [Generative AI Gifts]( - [SecOps Checklist]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124444&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_07.10.24&sp_cid=54201&utm_content=DR_NL_Dark%20Reading%20Daily_07.10.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ac If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)