Microsoft Zero-Day Bugs Allow Security Feature Bypass

Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools. Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools. [TechWeb]( Follow Dark Reading: [RSS]( March 15, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Zero-Day Bugs Allow Security Feature Bypass]( Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately. [Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface]( One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way. [Emotet, QSnatch Malware Dominate Malicious DNS Traffic]( An analysis of trillions of DNS requests shows a shocking amount of malicious traffic inside enterprise networks, with threats using DNS as a sort of malicious Autobahn. [LockBit Threatens to Leak Stolen SpaceX Schematics]( The ransomware group sent a message directly to Elon Musk: Pay or the confidential SpaceX information goes up for grabs on the Dark Web. [Are We Doing Enough to Protect Our Unstructured Data?]( Organizations are coming under pressure to protect their data, but does all data need the same security? To secure it, you first need to know what and where it is. [How Businesses Can Get Ready for AI-Powered Security Threats]( Organizations need to take steps now to strengthen their cyber defenses. [Why Healthcare Boards Lag Other Industries in Preparing for Cyberattacks]( Only by working collaboratively can boards and security leaders make progress and agree about cybersecurity threats and priorities. [CISA Trials Ransomware Warning System for Critical Infrastructure Orgs]( An agency team will identify vulnerabilities being exploited by ransomware groups and alert organizations ahead of attacks, CISA says. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures]( AT&T, PayPal, and Microsoft top the list of domains that victims visit following a link in a phishing email, as firms fight to prevent fraud and credential harvesting. [5 Lessons Learned From Hundreds of Penetration Tests]( Developers must balance creativity with security frameworks to keep applications safe. Correlating business logic with security logic will pay in safety dividends. [ChatGPT Browser Extension Hijacks Facebook Business Accounts]( Between March 3 and March 9, at least 2,000 people a day downloaded the malicious "Quick access to ChatGPT" Chrome extension from the Google Play app store. [MORE]( EDITORS' CHOICE [SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital]( The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say. LATEST FROM THE EDGE [How Patch Tuesday Keeps the Beat After 20 Years]( Patch Tuesday turned security updates from chaotic events into a routine. Here's how we got here and where things might be heading. LATEST FROM DR TECHNOLOGY [Machine Learning Improves Prediction of Exploited Vulnerabilities]( The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching. WEBINARS - [Expert Advice for Getting the Most from Security Orchestration, Automaton & Response Enterprise Tools]( Over the past few years, many enterprises have been improving cybersecurity by implementing the Security Orchestration, Automation, and Response (SOAR) framework, which provides a path to collect threat data from multiple sources and respond to some security events automatically. How ... - [How Applications Are Attacked: A Year in Application Security]( Cloudflare sees up to 61 million requests per second, meaning we have an unprecedented view into Internet trends like application attacks and API traffic, and automated bot activity. We have put that incredible visibility to use by profiling a year of ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Essential Guide to Secure Web Gateway]( - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [The Relationship Between Security Maturity and Business Enablement]( - [Why Account Security Doesn't Stop at Login]( - [IT/OT Security Platform Navigator 2022]( - [Cloud Journey Adoption Stage: Securing Hybrid and Multi-cloud Environments]( - [Attack Surface Management v2.0 by Brad LaPorte]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [2022 State of Network Management (a $499 Value FREE)]( We surveyed networking professionals about their networking budgets, spending priorities, and concerns. Find out how big of a role security is playing and how they plan to address it. Download the report today! [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity]( [Samsung Next Invests in Mitiga, Brings Total Funding to $45M]( [Optiv More Than Doubles Federal Presence With ClearShark Acquisition]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)