Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug

State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign. [TechWeb]( Follow Dark Reading: [RSS]( December 11, 2023 LATEST SECURITY NEWS & COMMENTARY [Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug]( State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign. [Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches]( Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption. [Municipalities Face a Constant Battle as Ransomware Snowballs]( As record-breaking volumes of ransomware hit cities, towns, and counties this year, municipalities remain easy targets that pay, and there's no end of the attacks in sight. [ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related]( Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement. [Increased Cyber Regulation in the Offing as Attacks Mount]( Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details. [Kenyan Digital Identity System Shelved Over Data Protection Concerns]( Privacy concerns see the proposed digital identity system paused until February. [The 3 Most Prevalent Cyber Threats of the Holidays]( Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare — and practice! — action plans, identify key stakeholders, and consider cyber insurance. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Proxy Trojan Targets macOS Users for Traffic Redirection]( Apple users who end up with the Trojan on their machines face a number of bad outcomes, including potential criminal liability. [4 Metrics That Help CISOs Become Strategic Partners With the Board]( To demonstrate the CISO role's value, frame your work using metrics that align with the most critical parts of every business: risk, growth, expenses, and people. [Ransomware, Data Breaches Inundate OT & Industrial Sector]( Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems. [As SAT Goes Digital, Schools Must Prepare for Disruption]( Local school districts nationwide need to ensure the basic security and readiness of their network infrastructure before spring 2024. [MORE]( PRODUCTS & RELEASES [CISOs See Software Supply Chain Security As Bigger Blind Spot Than GenAI: Cycode]( [Cybersixgill Announces Identity Intelligence Module for Threat Analysis]( [ProvenRun Secures €15M Series A to Accelerate its Growth]( [Foresite Cybersecurity Partners With Crowdstrike]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Iran Threatens Israel's Critical Infrastructure With 'Polonium' Proxy]( Cyber mimics life, as Iran uses Lebanese hackers to attack its bête noire. LATEST FROM THE EDGE [Human-Centric Security Model Meets People Where They Are]( Instead of fighting workarounds that compromise security, a human-centered system fixes the process issues that prompt people to work dangerously. LATEST FROM DR TECHNOLOGY [Making Cyber Insurance Available for Small Biz, Contractors]( Cyber insurance companies are moving down-market to offer policies to help protect remote employees, independent contractors, and small businesses from the cost of cyberattacks. LATEST FROM DR GLOBAL ['HeadCrab' Malware Variants Commandeer Thousands of Servers]( New techniques in a second variant of the malware improved functionality and communication commands. WEBINARS - [Everything You Need to Know About DNS Attacks]( - [Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing]( Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119842&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_12.11.23&sp_cid=50927&utm_content=DR_NL_Dark%20Reading%20Daily_12.11.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#4e If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)