Attackers Exploiting Flaws in Microsoft's July Security Update | 10B Passwords Pop Up on Dark Web 'RockYou2024' Release

In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products. [TechWeb]( Follow Dark Reading: [RSS]( July 11, 2024 LATEST SECURITY NEWS & COMMENTARY [Attackers Already Exploiting Flaws in Microsoft's July Security Update]( In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products. [10B Passwords Pop Up on Dark Web 'RockYou2024' Release]( The passwords, dumped on a cyber-underground forum on July 4 by a hacker called "ObamaCare," were collected from a variety of older and more recent breaches. [Attackers Have Been Leveraging Microsoft Zero-Day for 18 Months]( Likely two separate threat actors are using the just-patched CVE-2024-38112 in targeted, concurrent infostealer campaigns. [A CISO's Guide to Avoiding Jail After a Breach]( Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit? [Apple Geolocation API Exposes Wi-Fi Access Points Worldwide]( Beyond the devices that use them, Wi-Fi hubs themselves can leak interesting data, thanks to some quirks in Apple's geolocation system. [Euro Vishing Fraudsters Add Physical Intimidation to Arsenal]( The persistent threat of social engineering tactics sees cybercriminals blending technology with human manipulation to exploit individuals. [Attackers Have Been Leveraging Microsoft Zero-Day for 18 Months]( Likely two separate threat actors are using the just-patched CVE-2024-38112 in targeted, concurrent infostealer campaigns. [Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach]( Though the company reassures its users that customer funds were not accessed, the same cannot be said for customer information. [Cyber-Insurance Prices Plummet as Market Competition Grows]( Now may be a good time to find good deals on insurance coverage for ransomware and security incidents. [Are SOC 2 Reports Sufficient for Vendor Risk Management?]( SOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn't be the only piece of the puzzle. [Microsoft's Partnership With Middle East AI Firm Under Scrutiny]( The US government worries that Group 42 Holdings, an AI firm based in the United Arab Emirates, could become a backdoor for technology leaks to China. [Identity Orchestration Is Gaining Traction]( Identity orchestration products are increasingly projected to be introduced to the market in the next couple of years. Market trends and benefits of identity orchestration are explored. [CISA Takedown of Ivanti Systems Is a Wake-up Call]( The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Deconstructing Security Assumptions to Ensure Future Resilience]( By breaking down fundamental assumptions, we can proactively plan for, and begin to achieve, future resilience. [Privacy & Security Concerns With AI Meeting Tools]( Businesses need to find a balance between harnessing the benefits of AI assistants and safeguarding sensitive information — maintaining trust with employees and clients. [MORE]( PRODUCTS & RELEASES [Gen Launches Scam Artists to Highlight Emotional Toll of Cybercrime Through Creative Artwork]( [Saviynt Expands Capabilities With EY Alliance, Elevating Approach to External User Management With its Identity Cloud]( [Global Quantum Computing Market Expected to Reach $7.13B By 2031 As Data Protection Needs Increase]( [2024 SANS SOC Survey Reveals Critical Trends and Technologies in Cyber Defense]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE Reading Confidential: Meet the Ransomware Negotiators]( Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. LATEST FROM THE EDGE [Name That Edge Toon: Cyber Cloudburst]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Cloud-Based Investigations Platform Targets Complexity in Incident Response]( Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work. LATEST FROM DR GLOBAL [Houthi-Aligned APT Targets Mideast Militaries With 'GuardZoo' Spyware]( Simple malware and simple TTPs play against a backdrop of complex geopolitical conflict in the Arab world. WEBINARS - [Enhance Cloud Security with Cloud-Native Security]( In this webinar, learn how your current cloud security measures may be falling short as you shift to cloud-native, and what new tools and processes you will need to put in place to stay ahead of attackers. - [The CIOs Guide to Enhancing GRC in 2024]( When structured correctly, Governance, Risk, and Compliance (GRC) can enable enterprises to align IT and business goals, while mitigating risks and abiding by industry and government requirements. Effectively manage your resources and unify your enterprise by utilizing emerging technology that ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( - [The Three-Point Action Plan for new CISOs]( - [Continuous Asset Discovery Do and Don'ts]( - [The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023]( - [Google Cloud Threat Horizons Report, H1 2024]( - [2024 InformationWeek US IT Salary Report]( - [Generative AI Gifts]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124503&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_07.11.24&sp_cid=54247&utm_content=DR_NL_Dark%20Reading%20Weekly_07.11.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#33 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)