Microsoft Patches a Pair of Actively Exploited Zero-Days

Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now. [TechWeb]( Follow Dark Reading: [RSS]( September 13, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Patches a Pair of Actively Exploited Zero-Days]( Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now. [MGM Resorts Cyberattack Hobbles Las Vegas Strip Operations]( Hospitality behemoth struggles to recover following a Sunday cyber incident that looks a lot like a ransomware attack. [China's Winnti APT Compromises National Grid in Asia for 6 Months]( Attacks against critical infrastructure are becoming more commonplace and, if a recent PRC-sponsored attack is anything to go by, easier to pull off. [Critical Google Chrome Zero-Day Bug Exploited in the Wild]( The security vulnerability could lead to arbitrary code execution by way of application crashing. [Millions of Facebook Business Accounts Bitten by Python Malware]( The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week. [ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities]( By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want. ['Anonymous Sudan' Sets Its Sights on Telegram in DDoS Attack]( Telegram has not stated why it has suspended the group's primary account, but it is likely due to its use of bots. [The Double-Edged Sword of Cyber Espionage]( State-sponsored attacks are alarming and difficult to prevent, but they suffer from a fundamental weakness that can be leveraged by defenders. [(Sponsored Article) Better SaaS Security Goes Beyond Procurement]( The impulse to achieve strong SaaS security adherence through strict gatekeeping during procurement fails to reduce the risk that matters most. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users]( Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat. [Microsoft IDs Security Gaps that Let Threat Actors Steal Signing Key]( China's Storm-0558 accessed user emails at some 25 enterprise organizations earlier this year using forged tokens. [Overcoming the Rising Threat of Session Hijacking]( Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened. [MORE]( EDITORS' CHOICE [Attackers Abuse Google Looker Studio to Evade DMARC, Email Security]( Cyberattackers are tapping the legitimacy of the Web-based data-visualization tool in a campaign aimed at stealing credentials and defrauding hundreds of business users. LATEST FROM THE EDGE [Name That Edge Toon: Prized Possessions]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [IBM Adds Data Security Broker to Encrypt Data in Multiclouds]( The data security broker from Baffle brings field- and file-level encryption of sensitive data to new IBM Cloud Security Compliance Center. LATEST FROM DR GLOBAL [Israeli Hospital Hit By Ransomware Attack, 1TB Data Stolen]( Vital medical equipment was unaffected, but attackers stole and leaked lots of personal data. WEBINARS - [How Businesses Can Counterpunch against Generative AI-Powered Ransomware]( Join industry experts in AI and cybersecurity as they examine how ChatGPT and other generative AI tools are currently being used to improve the efficacy of ransomware attacks, how that will affect the cyber risk posture of most businesses, and ... - [The Threat Hunter's Playbook: Mastering Cloud Defense Strategies]( Secure your spot now for this unforgettable cybersecurity adventure, filled with real-world examples, best practices, and expert insights from our threat research team. Level up your cloud security defense. When you attend this webinar, you will hear from the Sysdig's ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Work From Anywhere Doesn't Have to Be Complicated]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [World Security Report Finds Physical Security Incidents Cost Companies USD $1T in 2022]( [Google and Acalvio Partner to Deliver Active Defense to Protect Customers From Advanced Threats]( [Cloudflare Announces Unified Data Protection Suite to Address Risks of Modern Coding and Increased AI Use]( [IBM Expands Cloud Security and Compliance Center]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [What Ransomware Groups Look for in Enterprise Victims]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118151&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.13.23&sp_cid=49774&utm_content=DR_NL_Dark%20Reading%20Daily_09.13.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#e4 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)