Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update | Uber Breached, Again

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year. [TechWeb]( Follow Dark Reading: [RSS]( December 15, 2022 LATEST SECURITY NEWS & COMMENTARY [Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update]( Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year. [Uber Breached, Again, After Attackers Compromise Third-Party Cloud]( Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner. [Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware]( Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity. [3 Ways Attackers Bypass Cloud Security]( At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud. [Report: Air-Gapped Networks Vulnerable to DNS Attacks]( Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise. [Metaparasites & the Dark Web: Scammers Turn on Their Own]( Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users. [Rash of New Ransomware Variants Springs Up in the Wild]( Vohuk, ScareCrow, and AESRT add to the ransomware chaos that organizations have to contend with on a daily basis. [Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response]( More than 10 days after a ransomware attack, affected Rackspace customers are being told the incident had a "limited impact," and have been invited to a webinar for additional details. [Where to Find the Best Open Source Security Technology]( A free resource, updated monthly, lists the most-popular, highly rated OSS projects. [The Cybersecurity Industry Doesn't Have a Stress Problem — It Has a Leadership Problem]( Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority. [CSAF Is the Future of Vulnerability Management]( Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation. [Phishing in the Cloud: We're Gonna Need a Bigger Boat]( SasS security is everyone's problem. [When Companies Compensate the Hackers, We All Foot the Bill]( Ensuring stronger in-house defenses is integral to retaining customer loyalty. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Accelerating Vulnerability Identification and Remediation]( Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle. [How Our Behavioral Bad Habits Are a Community Trait and Security Problem]( Learn to think three moves ahead of hackers so you're playing chess, not checkers. Instead of reacting to opponents' moves, be strategic, and disrupt expected patterns of vulnerability. [How Naming Can Change the Game in Software Supply Chain Security]( A reliance on CPE names currently makes accurate searching for high-risk security vulnerabilities difficult. [MORE]( EDITORS' CHOICE [Popular WAFs Subverted by JSON Bypass]( Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format. LATEST FROM THE EDGE [Cybersecurity Drives Improvements in Business Goals]( Deloitte's Future of Cyber study highlights the fact that cybersecurity is an essential part of business success and should not be limited to just mitigating IT risks. LATEST FROM DR TECHNOLOGY [Google Launches Scanner to Uncover Open Source Vulnerabilities]( OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says. WEBINARS - [Network Segmentation and Microsegmentation: Keys to the Next Generation of Enterprise Defense]( Stolen credentials allow attackers to move laterally within the IT environment to steal information and cause damage - all the while looking like a legitimate user. Or a ransomware attack tries to encrypt as many systems as possible to hold ... - [Security Considerations for Working with Cloud Services Providers]( With so many workloads in the could these days, enterprises are working with one or more of the major cloud services providers. How you can be ensured that these providers are handling data securely? What is the plan if there ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( [View More White Papers >>]( FEATURED REPORTS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [2022 State of Network Management (a $499 Value FREE)]( We surveyed networking professionals about their networking budgets, spending priorities, and concerns. Find out how big of a role security is playing and how they plan to address it. Download the report today! [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang]( [Epic Management Provides Notice of Data Security Incident]( [Niels Provos Joins Lacework as Head of Security Efficacy]( [Keysight Announces 400GE Network Cybersecurity Test Platform]( [Google Cloud and Palo Alto Networks Team to Protect the Modern Workforce]( [Third Annual Global CISO Report Identifies Significant Shifts in Hiring and Retaining Security Talent]( [Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis]( [KnowBe4 Supports Metaverse Safety Week]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Creating an Effective Incident Response Plan]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)