Microsoft Patches 'Follina' Zero-Day Flaw in Monthly Security Update

Here are which Microsoft patches to prioritize among the June Patch Tuesday batch. [TechWeb]( Follow Dark Reading: [RSS]( June 15, 2022 LATEST SECURITY NEWS & COMMENTARY [Microsoft Patches 'Follina' Zero-Day Flaw in Monthly Security Update]( Here are which Microsoft patches to prioritize among the June Patch Tuesday batch. [Beware the 'Secret Agent' Cloud Middleware]( New open source database details the software that cloud service providers typically silently install on enterprises' virtual machines — often unbeknownst to customers. [Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber-Espionage Campaign]( "Aoqin Dragon" has been operating since at least 2013, with targets including government and telecommunications companies in multiple countries. [Google: SBOMs Effective Only if They Map to Known Vulns]( SBOMs should be connected with vulnerability databases to fulfill their promise of reducing risk, Google security team says. [In Case You Missed RSA Conference 2022: A News Digest]( Here's a rundown of Dark Reading's reporting and commentary from and surrounding the first in-person RSA Conference since the pandemic began in 2020. [Understanding and Mitigating Single Sign-on Risk]( SSO's one-to-many architecture is both a big advantage and a weakness. [How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat?]( Martyn Ryder from Morphean explains why forging trusted partnerships is integral to the future of physical security in a world of networks, systems, and the cloud. [DDoS Subscription Service Operator Gets 2 Years in Prison]( The distributed denial-as-a-service websites were behind more than 200K attacks on targets including schools and hospitals. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Design Weakness Discovered in Apple M1 Kernel Protections]( The proof-of-concept attack from MIT CSAIL researchers undermines the pointer authentication feature used to defend the Apple chip's OS kernel. [Artificial Intelligence and Security: What You Should Know]( Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve. [MORE]( EDITORS' CHOICE [CISA Recommends Organizations Update to the Latest Version of Google Chrome]( Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity. LATEST FROM THE EDGE [Veterans Explain How Military Service Prepared Them for Cybersecurity Careers]( The ability to handle intense pressure is just one of the skills that veterans bring to corporate cybersecurity work. LATEST FROM DR TECHNOLOGY [Quantifying the SaaS Supply Chain and Its Risks]( Organizations do not have good visibility into all the software-as-a-service applications that connect to and access data stored in core business. WEBINARS - [Using Threat Modeling to Improve Enterprise Cyber Defenses]( As enterprises deal with multiple threats coming in different forms, security teams are shifting to a risk-based security to handle these challenges. One of the key tools is threat modeling, a process intended to help identify potential weaknesses and prioritize ... - [Vendors as Your Largest BEC Threat]( The tactics that worked for your business five years ago likely aren't still working today, and cybercrime is no different. The CEO fraud that dominated the last few years is not nearly as successful as it used to be, partially ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Sumo Logic for Continuous Intelligence]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [5 Critical Cyber Range Exercises from the Experts]( - [What is a data vault? Why do you need it?]( - [Considerations for Evaluating Endpoint Detection and Response Solutions]( - [Endpoint Detection Net Suite Use Cases]( - [Ambush Attackers at the Endpoint with the Endpoint Detection Net (EDN) Suite]( [View More White Papers >>]( FEATURED REPORTS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Incognia Introduces Location-Based Liveness Spoofing Detection Solution]( [Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Improving Enterprise Cybersecurity With XDR]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)