Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk | Change Healthcare Targeted in Second Ransomware Attack

Categorieën: Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines Leeftijd: 14 t/m 18 jaar 19 t/m 30 jaar 31 t/m 64 jaar

Laden...

7 maanden geleden

Html
Tekst

Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."

Follow Dark Reading:

April 11, 2024

LATEST SECURITY NEWS & COMMENTARY

Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical." Round 2: Change Healthcare Targeted in Second Ransomware Attack RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company. XZ Utils Scare Exposes Hard Truths About Software Security Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects. Home Depot Hammered by Supply Chain Data Breach SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer. Critical Bugs Put Hugging Face AI Platform in a 'Pickle' One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly. Top MITRE ATT&CK Techniques and How to Defend Against Them A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them. Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations. NSA Updates Zero-Trust Advice to Reduce Attack Surfaces Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users. Medusa Gang Strikes Again, Hits Nearly 300 Fort Worth Property Owners Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang. Attack on Consumer Electronics Manufacturer boAt Leaks Data on 7.5M Customers In a cyberattack more reminiscent of the 2010s, a seemingly lone hacker fleeced a major corporation for millions of open customer records. How CISOs Can Make Cybersecurity a Long-Term Priority for Boards Cybersecurity is far more than a check-the-box exercise. To create companywide buy-in, CISOs need to secure board support, up their communication game, and offer awareness-training programs to fight social engineering and help employees apply what they've learned. The Fight for Cybersecurity Awareness Investing in cybersecurity skills creates a safer digital world for everyone. How Nation-State DDoS Attacks Impact Us All Global organizations and geopolitical entities must adopt new strategies to combat the growing sophistication in attacks that parallel the complexities of our new geopolitical reality. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply We are potentially encroaching on a water supply crisis if data center operators, utilities, and the government don't implement preventative measures now. Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware We need more than "do-it-yourself" approaches to threats that clearly rise to the level of national security issues. White House's Call for Memory Safety Brings Challenges, Changes & Costs Improving security in the applications that drive the digital economy is a necessary undertaking, requiring ongoing collaboration between the public and private sectors. MORE

PRODUCTS & RELEASES

National Security Agency Announces Dave Luber As Director of Cybersecurity Wiz Acquires Gem Security to Expand Cloud Detection and Response Offering MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals ESET Launches a New Solution for Small Office/Home Office Businesses Action1 Unveils 'School Defense' Program To Help Small Educational Institutions Thwart Cyberattacks Wyden Releases Draft Legislation to End Federal Dependence on Insecure, Proprietary Software MORE PRODUCTS & RELEASES

EDITORS' CHOICE

CISO Corner: Ivanti's Mea Culpa; World Cup Hack; CISOs & Cyber Awareness Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Dealing with a Ramadan cyber spike; funding Internet security; and Microsoft's Azure AI changes. LATEST FROM THE EDGE
Google Gives Gemini a Security Boost Google has integrated Mandiant's security offerings into its AI platform to detect, stop, and remediate cybersecurity attacks as quickly as possible. LATEST FROM DR TECHNOLOGY
Ambitious Training Initiative Taps Talents of Blind and Visually Impaired Novacoast's Apex Program prepares individuals with visual impairments for cybersecurity careers. LATEST FROM DR GLOBAL
Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.

WEBINARS

Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy Defending Against Today's Threat Landscape with MDR

View More Dark Reading Webinars >>

WHITE PAPERS

Application Security's New Mandate in a DevOps World Making Sense of Your Security Data: The 6 Hardest Problems The State of Incident Response Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions Demystifying Zero Trust in OT FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions

View More White Papers >>

FEATURED REPORTS

Industrial Networks in the Age of Digitalization Zero-Trust Adoption Driven by Data Protection How Enterprises Assess Their Cyber-Risk

View More Dark Reading Reports >>

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Deel deze op

Laden...

Andere nieuwsbrieven van Informationweek.com

Achieving Optimal Security Outcomes Through Platformization Informationweek.com
13 uren geleden
FEATURES EDITION | Microsoft Highlights Security Exposure Management at Ignite Informationweek.com
15 uren geleden
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant Informationweek.com
Gisteren om 14:04

Meer nieuwsbrieven van Informationweek.com

Laden...

Gerelateerde nieuwsbrieven

Bekijk andere categorieën

Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines