CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well. [TechWeb]( Follow Dark Reading:
[RSS](
June 13, 2024 LATEST SECURITY NEWS & COMMENTARY [Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover](
CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well.
[Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks](
Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail.
[WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access](
The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn.
[TellYouThePass Ransomware Group Exploits Critical PHP Flaw](
An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.
[Microsoft Modifies 'Recall' AI Feature Amid Privacy, Security Failings](
In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns?
[New York Times Internal Data Nabbed From GitHub](
The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.
[CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways](
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering.
[Understanding Security's New Blind Spot: Shadow Engineering](
In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it.
[Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams](
Greater collaboration between financial and law enforcement officials is needed to dismantle cybercrime scam centers in Cambodia, Laos, and Myanmar, which rake in tens of billions of dollars annually â and affect victims worldwide.
[Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense](
Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light.
[The CEO Is Next](
If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity.
[Why CIO & CISO Collaboration Is Key to Organizational Resilience](
Alignment between these domains is quickly becoming a strategic imperative. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Developing a Plan to Respond to Critical CVEs in Open Source Software]( Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response.
[Is a US Nationwide Privacy Law Really Coming?]( If passed, APRA will be a giant leap forward for the rights and freedoms of Americans. [MORE]( PRODUCTS & RELEASES [Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility]( [DNSFilter Welcomes Cisco Veteran TK Keanini As CTO]( [Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform]( [Darktrace Launches Managed Detection & Response Service to Bolster Security Operations](
[MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [SolarWinds Flaw Flagged by NATO Pen Tester](
The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs. LATEST FROM THE EDGE [Making Choices that Lead to Stronger Vulnerability Management](
The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities. LATEST FROM DR TECHNOLOGY [Tokenization Moves Beyond Payments to Personal Privacy](
Pseudonymous masking has made credit card transactions more secure, but Visa has even greater plans for tokenization: giving users control of their data. LATEST FROM DR GLOBAL [Governments, Businesses Tighten Cybersecurity Around Hajj Season](
While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise. WEBINARS - [Intruders in the Library: Exploring DLL Hijacking Using Cortex XDR Analytics](
- [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Year in Review of Zero-Days Exploited In-the-Wild in 2023](
- [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights](
- [Elastic named a Leader in The Forrester Waveâ¢: Security Analytics Platforms, Q4 2022](
- [A Short Primer on Container Scanning](
- [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments](
- [The Future of Cloud Security: Attack Paths & Graph-based Technology](
- [Cisco Panoptica for Simplified Cloud-Native Application Security]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Waveâ¢: Security Analytics Platforms, Q4 2022](
- [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity](
- [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124041&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_06.13.24&sp_cid=53943&utm_content=DR_NL_Dark%20Reading%20Weekly_06.13.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#16
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)