Experts: Several CVEs From Microsoft's February Security Update Require Prompt Attention

Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say. [TechWeb]( Follow Dark Reading: [RSS]( February 10, 2022 LATEST SECURITY NEWS & COMMENTARY [Experts: Several CVEs From Microsoft's February Security Update Require Prompt Attention]( Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say. [Linux Malware on the Rise]( Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states. [Log4j and the Role of SBOMs in Reducing Software Security Risk]( Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub]( "BotenaGo" contains exploits for more than 30 vulnerabilities in multiple vendor products and is being used to spread Mirai botnet malware, security vendor says. [Want to Be an Ethical Hacker? Here's Where to Begin]( By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession. [8 Security Dinosaurs and What Filled Their Footprints]( Security technology has to evolve as new threats emerge and defenses improve. Here is a look back at the old breeds that are dying out. [MORE]( EDITORS' CHOICE [Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks]( Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders. LATEST FROM THE EDGE [The 3 Most Common Causes of Data Breaches in 2021]( Phishing, smishing, and business email compromise continue to do their dirty work. LATEST FROM DR TECHNOLOGY [Putting AI to Practical Use in Cybersecurity]( Almost every cybersecurity product has an AI component. Here is where it's working in the real world. Tech Resources - [Mitigate the Risk of Ransomware Attacks Against Critical Infrastructure]( - [Endpoint Security Buyers Guide]( - [Extended Detection and Response (XDR) - Beginner's Guide]( - [Minimizing the Risk of Supply Chain Attacks: Best Practice Guidelines]( - [Sophos 2022 Threat Report]( - [EMA - Security Cloud Assets: How IT Security Pros Grade Their Own Progress]( - [Security Predictions for 2022 Insights]( [ACCESS TECH LIBRARY NOW]( - [Strategies For Securing Your Supply Chain]( Recent attacks like the zero-day Log4j vulnerability have brought new scrutiny to cyber threats from suppliers and enterprise trading partners. But what does an effective supply-chain security strategy look like? How can you ensure that customers, suppliers, contractors, and ... - [Best Practices for Extending Identity & Access Management to the Cloud]( Managing and securing user credentials was never easy, and now that they are scattered across cloud platforms, software-as-a-service tools, mobile devices, and on-premises systems, the task has become even more complex. With adversaries increasingly targeting their attention to credential theft, ... [MORE WEBINARS]( FEATURED REPORTS - [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( - [Zero Trust in Real Life]( [MORE REPORTS]( CURRENT ISSUE [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover]( [Qualys Launches Context XDR]( [InterVision Unveils Ransomware Protection as a Service]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)