Microsoft Fixes 69 Bugs, but None Are Zero-Days

The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server. [TechWeb]( Follow Dark Reading: [RSS]( June 14, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Fixes 69 Bugs, but None Are Zero-Days]( The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server. [Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs]( Mandiant's ongoing investigation of UNC3886 has uncovered new details of threat actors' TTPs. [Analysis: Social Engineering Drives BEC Losses to $50B Globally]( Threat actors have grown increasingly sophisticated in applying social engineering tactics against their victims, which is key to this oft-underrated cybercriminal scam's success. [Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam]( Threat actors have created over 3,000 domains, some as old as two years, to lure in customers to false, name brand websites for personal financial gain. [How Security Leaders Should Approach Cybersecurity Startups]( Vendors and buyers both have the power to make the industry a better place. What's needed is more collaboration, mutual support, and respect. [Why Critical Infrastructure Remains a Ransomware Target]( While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks. [(Sponsored Article) The Key to Zero Trust Identity Is Automation]( In a zero-trust world, a trusted identity is the key that unlocks access for people and devices to enter your enterprise’s key networks, systems, and resources. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Supply Chain Attack Defense Demands Mature Threat Hunting]( Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say. [DOS Attacks Dominate, but System Intrusions Cause Most Pain]( In the latest Verizon "Data Breach Investigations Report," denial-of-service attacks are the most common type of security incident, but when it comes to breaches, nearly four-in-ten attackers compromise systems. [Doing Less With Less: Focusing on Value]( Always reach for defense in depth with proposed security changes. Measure and test results, focus on items of greatest impact, and get C-suite members involved to drive better outcomes. [MORE]( EDITORS' CHOICE [Researchers Report First Instance of Automated SaaS Ransomware Extortion]( The attack highlights growing interest among threat actors to target data from software-as-a-service providers. LATEST FROM DR GLOBAL ['Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware]( Surveillance malware targets Libyan government entities, with possible links to a 2019 Egypt attack campaign. LATEST FROM THE EDGE [Ways to Help Cybersecurity's Essential Workers Avoid Burnout]( To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment. LATEST FROM DR TECHNOLOGY [2 Lenses for Examining the Safety of Open Source Software]( Improving the security of open source repositories while keeping malicious components out requires a combination of technology and people. WEBINARS - [Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy]( Threat intelligence -- collecting data about broad trends in online attacks -- helps security teams improve their defenses by identifying online exploits that have the potential to hit their organizations and to prioritize their security resources accordingly. But how should ... - [The Future is CNAPP: Cloud Security From Prevention To Threat Detection]( Cloud-native development introduces unique attack vectors that are challenging to identify and are evolving rapidly. Join us as we take a deeper look into common cloud attack paths in the wild and discuss strategies for how to combat them before ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Ultimate Guide to the CISSP]( - [Top 5 Reasons to Prioritize Privileged Access Management]( - [A Security Leader's Guide to Leveraging MDR for Security Maturity and Development]( - [2023 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP)]( - [Top Ten Tips: Securing Multi-Cloud with Modern CSPM]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( [View More White Papers >>]( FEATURED REPORTS - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Cycode Launches CI/CD Pipeline Monitoring Solution (Cimon) to Prevent Supply Chain Attacks]( [Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Report Finds]( [QuSecure Awarded US Army Contract for Post-Quantum Cybersecurity Solutions]( [BioCatch Strengthens Collaboration With Microsoft Cloud for Financial Services]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)