Microsoft Patches 2 Zero-Day Vulnerabilities

The 49 CVEs in Microsoft's May security update is the lowest volume in nearly two years. [TechWeb]( Follow Dark Reading: [RSS]( May 10, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Patches 2 Zero-Day Vulnerabilities]( The 49 CVEs in Microsoft's May security update is the lowest volume in nearly two years. [FBI Disarms Russian FSB 'Snake' Malware Network]( Operation "Medusa" disabled Turla's Snake malware with an FBI-created tool called Perseus. [SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack]( The APT is exploiting a remote template injection flaw to deliver malicious documents that lure in government officials and other targets with topics of potential interest. [Royal Ransomware Expands to Target Linux, VMware ESXi]( The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access. [Npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key]( For years, hackers could have tricked enterprises into downloading malware by simply de-capitalizing letters in uppercase-named npm packages. [The Problem of Old Vulnerabilities — and What to Do About It]( The vulnerabilities most often exploited by ransomware attackers are already known to us. [Keep Your Company Cyber Competent Without Adding Cyber Anxiety]( With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity. [Justice Department Targets 13 Websites Linked to DDoS-for-Hire]( Ten of the domains targeted today were "reincarnations" of services seized in December 2022. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [North Korean APT Uses Malicious Microsoft OneDrive Links to Spread New Malware]( ReconShark, aimed at gaining initial access to targeted systems, is a component of previous malware used by the Kimsuky group. [Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges]( Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan. [Why the FTX Collapse Was an Identity Problem]( Cryptocurrency has a valuable role to play in a Web3 world — but only if the public can fully trust it. [MORE]( EDITORS' CHOICE [1M NextGen Patient Records Compromised in Data Breach]( Company says a database was accessed by an "unknown third party" with stolen credentials. LATEST FROM THE EDGE [Identifying Compromised Data Can Be a Logistical Nightmare]( Being able to trace an incident backward from breach to data source is vital in restoring and improving cybersecurity. LATEST FROM DR TECHNOLOGY [New Startup SquareX Targets Brower-Based Attacks]( SquareX runs headless browsers in data centers on the user's behalf so that threats never reach the user's machine. WEBINARS - [Next-Generation Supply Chain Security]( Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ... - [Securing the Remote Worker: How to Monitor and Mitigate Offsite Cyberattacks]( Even as the debate over return to work rages on, it is clear the enterprise network will never be the same. Remote work is now the norm, and many organizations have shifted to digital business models. Network architectures, and the ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [ESG Report: Automated Application Security Testing for Faster Development]( - [AppSec Best Practices: Where Speed, Security, and Innovation Meet in the Middle]( - [Cybersecurity Maturity Model Certification (CMMC) Version 1.02]( - [The Big Business Of Cybercrime: A Deep Dive Guide]( - [Understanding Vulnerability Prioritization Technologies - From Generic VM to VPT]( - [The Cloud Security Workflow Handbook]( - [Rediscovering Your Identity]( [View More White Papers >>]( FEATURED REPORTS - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Keeper Security Announces Minority Growth Equity Investment From Summit Partners]( [Privoro and Samsung Partner to Provide Trusted Control Over Smartphone Radios and Sensors]( [ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)