Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit

A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws. [TechWeb]( Follow Dark Reading: [RSS]( October 26, 2022 LATEST SECURITY NEWS & COMMENTARY [Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit]( A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws. [Threat Groups Repurpose Banking Trojans into Backdoors]( Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity. [Cybersecurity Risks & Stats This Spooky Season]( From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons. [HR Departments Play a Key Role in Cybersecurity]( A more secure organization starts with stronger alignment between HR and the IT operation. [LinkedIn Phishing Spoof Bypasses Google Workspace Security]( A credential-stealing attack that spoofed LinkedIn and targeted a national travel organization skates past DMARC and other email protections. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [List of Common Passwords Accounts for Nearly All Cyberattacks]( Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road. [8 Trends Driving Cybersecurity in the Public Sector]( CISOs and security leaders in state and local governments are dealing with increasing threats like ransomware — with varying degrees of cyber maturity. [Cybersecurity's Role in Combating Midterm Election Disinformation]( A multilayered attack technique that took center stage in 2020 and has only grown more endemic. [MORE]( EDITORS' CHOICE [Atlassian Vulnerabilities Highlight Criticality of Cloud Services]( Two flaws in the popular developer cloud platform show how weaknesses in authorization functions and SaaS flaws can put cloud apps at risk. LATEST FROM THE EDGE [Equifax's Lessons Are Still Relevant, 5 Years Later]( Cybersecurity pros discuss a trio of lessons from the Equifax hack and how to prevent similar attacks in the enterprise. LATEST FROM DR TECHNOLOGY [Hardware Makers Standardize Server Chip Security With Caliptra]( The new open source specification from Open Compute Project is backed by Google, Nvidia, Microsoft, and AMD. WEBINARS - [Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker]( Enterprises are increasingly discovering that the best way to expose vulnerabilities in their defenses is to think like an attacker. Penetration testing, red teaming, threat hunting, and other offensive strategies are helping organizations quickly find the holes in their cyber ... - [Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant]( The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions much easier than you would think. Using a regular looking phishing email, ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [State of Email Security]( - [Why Legacy Point Tools Are Failing in Today's Environment]( - [How Hybrid Work Fuels Ransomware Attacks]( - [BotGuard for Streaming Service Case Study]( - [BotGuard for Denial of Inventory & Stockouts]( - [BotGuard for Applications Higher Education Case Study]( - [The Threat Landscape HEATs Up with Highly Evasive Adaptive Threats]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Spyderbat Raises Series A to Deliver Runtime Security Throughout Cloud Native Software Development Environments]( [MSP Market Opportunity Report Finds Cybersecurity as Primary Growth Driver as SMBs Lack Resources to Develop Security Program In-House]( [Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education]( [Study Finds Significant Correlation Between BitSight Analytics and Cybersecurity Incidents]( [Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection]( [SealPath Data Classification Powered by Getvisibility Applies Artificial Intelligence to Improve Accuracy and Efficiency of Data Labelling and Protection]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building the SOC of the Future]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)