Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX. [TechWeb]( Follow Dark Reading: [RSS]( April 12, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs]( The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX. ['Blatantly Obvious': Spyware Offered to Cyberattackers via PyPI Python Repository]( Malware-as-a-service hackers from Spain decided to use a public code repository to openly advertise their wares. [Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads]( The campaign shrouds the commodity infostealer in OpenAI files in a play that aims to take advantage of the growing public interest in AI-based chatbots. [Microsoft Azure Shared Key Misconfiguration Could Lead to RCE]( Azure admins are urged to disable shared key access and implement Azure Active Directory authentication. [Israeli Irrigation Water Controllers & Postal Service Breached]( Israel's National Cyber Defense is warning of increased cyberattacks by anti-Israel groups during the month of Ramadan. [Samsung Engineers Feed Sensitive Data to ChatGPT, Sparking Workplace AI Warnings]( In three separate incidents, engineers at the Korean electronics giant reportedly shared sensitive corporate data with the AI-powered chatbot. [How Password Managers Can Get Hacked]( Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses. [Where Are the Women? Making Cybersecurity More Inclusive]( Stepped-up recruiting efforts along with better work-life balance policies and mentoring and recruitment programs will help balance the scales. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Pair of Apple Zero-Days Under Active Exploit; Patch & Update Accordingly]( Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns. [Rethinking Cybersecurity's Structure & the Role of the Modern CISO]( A CISO with a focused role will be better prepared to thrive in an organization and accelerate adoption and understanding of cybersecurity. [Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop]( The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security. [MORE]( EDITORS' CHOICE [7 Things Your Ransomware Response Playbook Is Likely Missing]( Incident response experts share their secrets for success when it comes to creating a professional-grade ransomware response playbook. Are you ready for the worst? LATEST FROM THE EDGE [Name That Edge Toon: Tower of Babble]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [CrowdStrike Expands Falcon to Include IoT]( CrowdStrike Falcon Insight for IoT covers Internet of Things, Industrial IoT, Operations Technology, as well as medical devices. WEBINARS - [What's "CNAPP-ening"? Bring Your Cloud Security into Focus!]( What's CNAPP-ening is your organization is churning out code every day to make your business more money, but traditional security approaches fail to provide adequate controls for cloud-native applications. Modernize your perspective by embracing an application-centric view of security in ... - [Expert Advice for Getting the Most from Security Orchestration, Automaton & Response Enterprise Tools]( Over the past few years, many enterprises have been improving cybersecurity by implementing the Security Orchestration, Automation, and Response (SOAR) framework, which provides a path to collect threat data from multiple sources and respond to some security events automatically. How ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Essential Guide to Secure Web Gateway]( - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [The Relationship Between Security Maturity and Business Enablement]( - [Making Cybersecurity Mesh a Reality]( - [How to Simplify Security with a Cybersecurity Mesh Architecture]( - [Cloud Incident Response Datasheet]( - [Transform Your Security Strategy]( [View More White Papers >>]( FEATURED REPORTS - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Noname Security Announces Hardened API Security Platform]( [Cybereason Secures $100M in Funding Led by SoftBank Corp.]( [Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)