Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug

Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost business user could be a victim. [TechWeb]( Follow Dark Reading: [RSS]( March 20, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug]( Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface mean almost business user could be a victim. [Meta Proposes Revamped Approach to Online Kill Chain Frameworks]( A more holistic model beyond MITRE et al. is needed to help defenders better identify and understand commonalities in different online threat campaigns, the Facebook parent company says. [Low-Budget 'Winter Vivern' APT Awakens After 2-Year Hibernation]( The "underreported" APT has returned to focus after attacks promoting Russian and Belarusian government interests and going after targets with humor, zest, and scrappiness. [The Ethics of Network and Security Monitoring]( The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity. [Microsoft Azure Warns on Killnet's Growing DDoS Onslaught Against Healthcare]( DDoS cyberattack campaigns from the pro-Russian group have spiked significantly. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft Zero-Day Bugs Allow Security Feature Bypass]( Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately. [Cyberattackers Continue Assault Against Fortinet Devices]( Patched earlier this month, a code-execution vulnerability is the latest FortiOS weakness to be exploited by attackers, who see the devices as well-placed targets for initial access operations. [5 Ways to Fight School Ransomware Attacks]( The challenges are steep, but school districts can fight back with planning. [MORE]( EDITORS' CHOICE [BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion]( The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said. LATEST FROM THE EDGE [How CISOs Can Work With the CFO to Get the Best Security Budget]( CISOs can and should push back when they're presented with budget costs that affect the business. Here's how. LATEST FROM DR TECHNOLOGY [Technology Firms Delivering Much-Sought Encryption-in-Use]( If the approaches stand up to scrutiny, companies may soon be able to encrypt most databases in a way that allows using data without needing to decrypt to plaintext. WEBINARS - [ChatGPT: Defending Your Business Against AI-Supercharged Ransomware]( This webinar will dig into the ways criminals are projected to take advantage of ChatGPT and other AI tools to improve the reach and effectiveness of their ransomware attacks. The session will conclude with a review of a 12-step plan ... - [Building Out the Best Response Playbook for Ransomware Attacks]( When ransomware locks up your business's critical data and essential gear, there is no time to panic. The organization needs answers fast: Is the infection going to spread to other endpoints? Will the attackers publicly dump the stolen information? How ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [The Relationship Between Security Maturity and Business Enablement]( - [Why Account Security Doesn't Stop at Login]( - [2022 State of OT Cybersecurity Report]( - [Cloud Journey Consideration Stage: 2022 Cloud Security Report]( - [The 4 Major Safety Checks Needed to Launch Your ASM Program into Orbit]( - [Forrester Total Economic Impact Report Infographic]( [View More White Papers >>]( FEATURED REPORTS - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Prancer Announces Integration With ChatGPT for Enhanced Security Assessments]( [Samsung Next Invests in Mitiga, Brings Total Funding to $45M]( [Forrester Study Reveals Businesses Are Insufficiently Prepared to Manage Enterprise Risks]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Shoring Up the Software Supply Chain Across Enterprise Applications]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)