XSS Vulnerabilities Found in Microsoft Azure Cloud Services | Microsoft Fixes 69 Bugs, but None Are Zero-Days

Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions. [TechWeb]( Follow Dark Reading: [RSS]( June 15, 2023 LATEST SECURITY NEWS & COMMENTARY [XSS Vulnerabilities Found in Microsoft Azure Cloud Services]( Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions. [Microsoft Fixes 69 Bugs, but None Are Zero-Days]( The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server. [Cl0P Gang Sat on Exploit for MOVEit Flaw for Nearly 2 Years]( Over that time, the group carried multiple tests to see if the exploit worked and to identify potential victims. It was like "turning the doorknob" to check for access, a researcher says. [Brand-New Security Bugs Affect All MOVEit Transfer Versions]( Progress has issued a second patch for additional SQL flaws that are distinct from the zero-day that the Cl0p ransomware gang is exploiting. [Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks]( Microsoft says Cadet Blizzard wielded a custom wiper malware in the weeks leading up to Russia's invasion of Ukraine, and it remains capable of wanton destruction. [Analysis: Social Engineering Drives BEC Losses to $50B Globally]( Threat actors have grown increasingly sophisticated in applying social engineering tactics against their victims, which is key to this oft-underrated cybercriminal scam's success. [Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs]( Mandiant's ongoing investigation of UNC3886 has uncovered new details of threat actors' TTPs. [Researchers Report First Instance of Automated SaaS Ransomware Extortion]( The attack highlights growing interest among threat actors to target data from software-as-a-service providers. [How Popular Messaging Tools Instill a False Sense of Security]( It's time to include messaging tool security in your cloud security program. Good first steps include tightening filter parameters on Slack and Teams. [Why Critical Infrastructure Remains a Ransomware Target]( While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [5 Tips for Modernizing Your Security Operations Center Strategy]( A solid, dependable SOC strategy that is scalable in the face of various security threats is essential to reduce cybersecurity risks to your business. [Doing Less With Less: Focusing on Value]( Always reach for defense in depth with proposed security changes. Measure and test results, focus on items of greatest impact, and get C-suite members involved to drive better outcomes. [The Growing Cyber Threats of Generative AI: Who's Accountable?]( In the wrong hands, malicious actors can use chatbots to unleash sophisticated cyberattacks that could have devastating consequences. [MORE]( EDITORS' CHOICE [Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4]( With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world. LATEST FROM THE EDGE [3 Elite Communication Skills to Help Security Pros Get Projects Funded]( It's not enough to know how to better protect the enterprise — you have to be able to convince decision-makers that your plans are necessary. LATEST FROM DR TECHNOLOGY [Passkeys See Fresh Momentum With New Pilot Programs]( Apple adds API that will enable sharing of passkeys across platforms, and Google offers passkey authentication in beta for Google Workspace and Google Cloud. LATEST FROM DR GLOBAL ['Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware]( Surveillance malware targets Libyan government entities, with possible links to a 2019 Egypt attack campaign. WEBINARS - [Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy]( Threat intelligence -- collecting data about broad trends in online attacks -- helps security teams improve their defenses by identifying online exploits that have the potential to hit their organizations and to prioritize their security resources accordingly. But how should ... - [Secrets to a Successful Managed Security Service Provider Relationship]( Sometimes, the security team you have just isn't enough. To help keep up with security threats 24/7 - and to bolster skills the team may not have -- many enterprises are working with managed security service providers (MSSPs) and security providers ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [ESG Report: Automated Application Security Testing for Faster Development]( - [Welcome to Modern Web App Security]( - [AppSec Best Practices: Where Speed, Security, and Innovation Meet in the Middle]( - [Top 5 Reasons to Prioritize Privileged Access Management]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Cycode Launches CI/CD Pipeline Monitoring Solution (Cimon) to Prevent Supply Chain Attacks]( [BioCatch Strengthens Collaboration With Microsoft Cloud for Financial Services]( [Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Report Finds]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)