Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update

The company's final patch release for 2023 contained fixes for a total of just 36 vulnerabilities — none of which, for a change, were zero-days. [TechWeb]( Follow Dark Reading: [RSS]( December 13, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update]( The company's final patch release for 2023 contained fixes for a total of just 36 vulnerabilities — none of which, for a change, were zero-days. [Ransomware Gangs Use PR Charm Offensive to Pressure Victims]( Threat actors are fully embracing the spin machine: rebranding, speaking with the media, writing detailed FAQs, and more, all in an effort to make headlines. [Dozens of Bugs Patched in Apple TVs and Watches, Macs, iPads, iPhones]( A laundry list of tweaks to Safari, Bluetooth, Accessibility, and much more. [Kyivstar Mobile Attack Plunges Millions in Ukraine Into Comms Blackout]( The destructive attack, likely carried out by Russian actors, is the biggest hit on the country's basic infrastructure since the beginning of the war. [Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza]( Are hacktivists under the control of nation-states, or are they just independent contractors acting on their behalf? [Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores]( There's a new way for hackers to abuse the cloud, this time with data analysts and scientists in the crosshairs. [Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover]( Attackers can inject and execute arbitrary PHP code using a flaw in Backup Migration, which has been downloaded more than 90K times. [Data's Perilous Journey & Lessons Not Learned From the Target Breach]( A decade after Target suffered a major security breach, are we still disregarding the gaping holes in our cyber fortifications? [Biden's AI Exec Order Is a Start, but We Must Safeguard Innovation]( It's important for Congress to strengthen protections for AI and set guardrails to make sure it isn't used maliciously. [(Sponsored Article) The Imperative of Context in an Era of Expanding API Risks]( Only 38% of organizations understand API context, a huge security gap underscoring the need for deeper, context-aware security strategies. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs]( Analysis shows evidence the previously unknown Sandman group shares backdoor malware with various Chinese APT groups. [Responsibly Implementing AI, the Unstoppable Force]( Balancing the good and bad of AI/ML means being able to control what data you're feeding into AI systems and solving the privacy issues to securely enable generative AI. [Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in 'D']( The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating new, unique malware around it at a remarkable clip. [MORE]( PRODUCTS & RELEASES [Survey: 90% of IT Pros Felt Prepared for a Password-Based Cyberattack, Yet More Than Half Fell Victim to One]( [Fortress Information Security & CodeSecure Team Up to Analyze SBOMs & Remediate Critical Vulnerabilities]( [CISOs See Software Supply Chain Security as Bigger Blind Spot Than GenAI: Cycode]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Ex-Uber CISO Advocates 'Personal Incident Response Plan' for Security Execs]( Why Joe Sullivan feels paying off attackers was a way of solving the problem. LATEST FROM THE EDGE [10 Holiday Gifts for Stressed-Out Security Pros]( These office giving-friendly fidgets, stress balls, brain teasers, and more are perfect to calm the most harried cybersecurity professionals. LATEST FROM DR TECHNOLOGY [The European Space Agency Explores Cybersecurity for Space Industry]( An ESA cybersecurity expert explains how space-based data and services benefit from public investment in space programs. LATEST FROM DR GLOBAL [Libyan Government Trains Personnel in Electoral Cyber Threats]( The UN is helping Ministry of Interior staff implement cybersecurity best practices, as talks continue about scheduling a parliamentary election in the coming months. WEBINARS - [What's In Your Cloud?]( - [Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing]( Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [Everything You Need to Know About DNS Attacks]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119886&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_12.13.23&sp_cid=50967&utm_content=DR_NL_Dark%20Reading%20Daily_12.13.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#69 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)