New Microsoft Zero-Day Attack Underway

"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents. [TechWeb]( Follow Dark Reading: [RSS]( June 01, 2022 LATEST SECURITY NEWS & COMMENTARY [New Microsoft Zero-Day Attack Underway]( "Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents. [How to Keep Your Enterprise Safe From Digital Supply Chain Attacks]( Digital supply chains are more vulnerable than ever; here's what you need to do to secure them. [3.6M MySQL Servers Found Exposed Online]( Researchers from Shadowserver recommend removing the servers from the Internet to shrink external attack surface. [Fewer DDoS Attacks in 2021, Still Above Pre-Pandemic Levels]( New research finds a rise in TCP acknowledgement (ACK) DDoS attacks, which rely on a smaller amount of traffic to disrupt targets. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Critical OAS Bugs Open Industrial Systems to Takeover]( The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says. [Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message]( Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required. [6 Steps to Ensure Cyber Resilience]( To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft. [MORE]( EDITORS' CHOICE [ChromeLoader Malware Hijacks Browsers With ISO Files]( The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections. LATEST FROM THE EDGE [Biometric Data Offers Added Security — But Don't Lose Sight of These Important Risks]( With rising fraud, businesses are seeking authentication methods that are security- and user-friendly. But with that comes a few complications. LATEST FROM DR TECHNOLOGY [DBIR Makes a Case for Passwordless]( Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks. Tech Resources - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [The Case for Cyber Risk Management Platforms]( - [Five Cardinal Sins of Data Security and Privacy]( - [Five Keys to a Secure Work-From-Anywhere Solution]( - [Protecting Medical Device IP From Cybersecurity Threats]( [ACCESS TECH LIBRARY NOW]( - [Vendors as Your Largest BEC Threat]( The tactics that worked for your business five years ago likely aren't still working today, and cybercrime is no different. The CEO fraud that dominated the last few years is not nearly as successful as it used to be, partially ... - [Implementing Zero Trust in Your Enterprise]( Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ... [MORE WEBINARS]( FEATURED REPORTS - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... [MORE REPORTS]( CURRENT ISSUE [Incorporating a Prevention Mindset into Threat Detection and Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Surefire Cyber Launches to Help Cyber Insurance Ecosystem from Response to Resilience, with $10 Million in Funding by Forgepoint Capital]( [New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada]( [Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)