CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well.
| | | LATEST SECURITY NEWS & COMMENTARY | | Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well. Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail. WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn. TellYouThePass Ransomware Group Exploits Critical PHP Flaw An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface. Microsoft Modifies 'Recall' AI Feature Amid Privacy, Security Failings In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns? New York Times Internal Data Nabbed From GitHub The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed. CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering. Understanding Security's New Blind Spot: Shadow Engineering In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it. Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams Greater collaboration between financial and law enforcement officials is needed to dismantle cybercrime scam centers in Cambodia, Laos, and Myanmar, which rake in tens of billions of dollars annually — and affect victims worldwide. Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light. The CEO Is Next If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity. Why CIO & CISO Collaboration Is Key to Organizational Resilience Alignment between these domains is quickly becoming a strategic imperative. MORE NEWS / MORE COMMENTARY | | | | | | PRODUCTS & RELEASES | | Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility DNSFilter Welcomes Cisco Veteran TK Keanini As CTO Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform Darktrace Launches Managed Detection & Response Service to Bolster Security Operations MORE PRODUCTS & RELEASES |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
