Microsoft Patches 2 Zero-Day Vulnerabilities | Dark Reading Goes Global

Microsoft's May security update has the lowest number of CVEs — 49 — in nearly two years. [TechWeb]( Follow Dark Reading: [RSS]( May 11, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Patches 2 Zero-Day Vulnerabilities]( Microsoft's May security update has the lowest number of CVEs — 49 — in nearly two years. [Dark Reading Goes Global]( While the goal of the site's new DR Global section is to expand international coverage, the initial focus will be cybersecurity professionals in the Middle East and Africa. [1M NextGen Patient Records Compromised in Data Breach]( Company says a database was accessed by an "unknown third party" with stolen credentials. [Microsoft Fixes Failed Patch for Exploited Outlook Vulnerability]( Adding a single character to a function in the previous Outlook patch rendered that fix useless, researchers say. [Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges]( Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan. [Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years]( While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed. [Microsoft Patches Serious Azure Cloud Security Flaws]( Three vulnerabilities in the platform's API Management Service could allow access sensitive data, mount further attacks, and even hijack developer portals. [New White House AI Initiatives Include AI Software-Vetting Event at DEF CON]( The Biden administration outlined its plans to ensure responsible AI development — cyber-risk is a core element. [Apple Patches Bluetooth Flaw in AirPods, Beats]( Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices. [The (Security) Cost of Too Much Data Privacy]( The online fraud prevention industry has taken the brunt of increased privacy actions. [The Industrywide Consequences of Making Security Products Inaccessible]( Accessibility won't solve all of the industry's problems, but it can help tackle a few. [Why the FTX Collapse Was an Identity Problem]( Cryptocurrency has a valuable role to play in a Web3 world — but only if the public can fully trust it. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [The Problem of Old Vulnerabilities — and What to Do About It]( The vulnerabilities most often exploited by ransomware attackers are already known to us. [Keep Your Company Cyber Competent Without Adding Cyber Anxiety]( With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity. [MORE]( EDITORS' CHOICE [Google Launches Cybersecurity Career Certificate Program]( Google's new program aims to offer accessible training to fill 750K open cybersecurity jobs with diverse array of talent. LATEST FROM THE EDGE [How Boards Can Set Enforceable Cyber Risk Tolerance Levels]( Boards love to say they have low risk tolerance, but are they willing to make the expensive and painful decisions to make it truly happen? LATEST FROM DR TECHNOLOGY [Browser Isolation Adapts to Remote Work, Greater Cloud Usage]( As browsers become the center of many workers' days, isolation technologies shift to protecting the extended enterprise. WEBINARS - [Securing the Remote Worker: How to Monitor and Mitigate Offsite Cyberattacks]( Even as the debate over return to work rages on, it is clear the enterprise network will never be the same. Remote work is now the norm, and many organizations have shifted to digital business models. Network architectures, and the ... - [Puzzled by Patching: Solve Endpoint Pains]( In this webinar, you'll learn critical steps to improve your security posture and reduce patching complexity so that your IT team can do more with less while keeping security at the forefront. Now is the time to slay the time-consuming ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [ESG Report: Automated Application Security Testing for Faster Development]( - [Welcome to Modern Web App Security]( - [AppSec Best Practices: Where Speed, Security, and Innovation Meet in the Middle]( - [Top 5 Reasons to Prioritize Privileged Access Management]( - [A Security Leader's Guide to Leveraging MDR for Security Maturity and Development]( - [What Are the Top and Niche Use Cases for Breach and Attack Simulation Technology?]( [View More White Papers >>]( FEATURED REPORTS - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Experian Announces US Fintech Data Network to Combat Fraud]( [Secureframe Finds 37% of Organizations Reuse Passwords for Cloud Service Providers]( [Keeper Security Announces Minority Growth Equity Investment From Summit Partners]( [Privoro and Samsung Partner to Provide Trusted Control Over Smartphone Radios and Sensors]( [ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU]( [Whiteford Taylor & Preston LLP Issues Notice of Data Incident]( [Consilient Inc. and Harex InfoTech Partner to Fight Financial Crime in South Korea]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)