Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update

Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared with the first quarter of the prior four years. [TechWeb]( Follow Dark Reading: [RSS]( March 13, 2024 LATEST SECURITY NEWS & COMMENTARY [Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update]( Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared with the first quarter of the prior four years. [Google's Gemini AI Vulnerable to Content Manipulation]( Like ChatGPT and other GenAI tools, Gemini is susceptible to attacks that can cause it to divulge system prompts, reveal sensitive information, and execute potentially malicious actions. [Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data]( The vulnerabilities found in ChatGPT plug-ins — since remediated — heighten the risk of proprietary information being stolen and the threat of account takeover attacks. ['Magnet Goblin' Exploits Ivanti 1-Day Bug in Mere Hours]( A prolific but previously hidden threat actor turns public vulnerabilities into working exploits before companies have time to patch. ['PixPirate' RAT Invisibly Triggers Wire Transfers From Android Devices]( A multitooled Trojan cuts apart Brazil's premier wire transfer app. Could similar malware do the same to Venmo, Zelle, or PayPal? [Israeli Universities Hit by Supply Chain Cyberattack Campaign]( Iranian hacktivist group known as Lord Nemesis and Nemesis Kitten targeted an academic sector software firm in Israel to gain access to its customers. [How to Identify a Cyber Adversary: Standards of Proof]( Identifying the who, what, and how behind a cyberattack is crucial for preventing future strikes. [GAO: CISA's OT Teams Inadequately Staffed]( The response teams have a staging shortage, leaving them ill-prepared to take on significant threats from different places at once. [(Sponsored Article) CNAPP Must Evolve to Bring SecOps Into the Fold]( With more business-critical applications in the cloud, CNAPP must converge cloud security and security operations to effectively manage cloud risk. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Japan Blames North Korea for PyPI Supply Chain Cyberattack]( Open source software ecosystem compromise leaves developers in Asia and around the globe at risk. [How Not to Become the Target of the Next Microsoft Hack]( The alarming number of cyber threats targeting Microsoft cloud applications shows cybersecurity needs an overhaul. [Typosquatting Wave Shows No Signs of Abating]( A spate of recent typosquatting attacks shows the scourge of this type of attack is still very much with us, even after decades of cyber defender experience with it. [MORE]( PRODUCTS & RELEASES [IT-Harvest Reaches Milestone With Ingestion of 10K Cybersecurity Products Into Dashboard]( [Bipartisan Members of Congress Introduce Enhanced Cybersecurity for SNAP Act to Secure Food Benefits Against Hackers and Thieves]( [Silence Laboratories Raises $4.1M Funding to Enable Privacy Preserving Collaborative Computing]( [Veeam Launches Veeam Data Cloud]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [The CISO Role Is Changing. Can CISOs Themselves Keep Up?]( What happens to security leaders that don't communicate security well enough? "Ask SolarWinds." LATEST FROM THE EDGE [Name That Edge Toon: How Charming]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Google's Post-Quantum Upgrade Doesn't Mean We're All Protected Yet]( Just because Google has put in the work to quantum-proof Chrome doesn't mean post-quantum security is all set. LATEST FROM DR GLOBAL [Cyberattack Targets Regulator Database in South Africa]( The Companies and Intellectual Property Commission (CIPC), which handles registration of businesses and intellectual property rights for the nation, called the breach "isolated." WEBINARS - [Unleash the Power of Gen AI for Application Development, Securely]( - [Building a Modern Endpoint Strategy for 2024 and Beyond]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Collective defense is more important than ever--is your workforce ready?]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [2023 Gartner Magic Quadrant for Single-Vendor SASE]( - [Zero Trust Access For Dummies, 2nd Fortinet Special Edition]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122040&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.13.24&sp_cid=52472&utm_content=DR_NL_Dark%20Reading%20Daily_03.13.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#b4 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)