Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover | Scores of Biometrics Bugs Emerge

CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well. [TechWeb]( Follow Dark Reading: [RSS]( June 13, 2024 LATEST SECURITY NEWS & COMMENTARY [Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover]( CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well. [Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks]( Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail. [WarmCookie Gives Cyberattackers Tasty New Backdoor for Initial Access]( The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn. [TellYouThePass Ransomware Group Exploits Critical PHP Flaw]( An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface. [Microsoft Modifies 'Recall' AI Feature Amid Privacy, Security Failings]( In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns? [New York Times Internal Data Nabbed From GitHub]( The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed. [CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering. [Understanding Security's New Blind Spot: Shadow Engineering]( In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it. [Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams]( Greater collaboration between financial and law enforcement officials is needed to dismantle cybercrime scam centers in Cambodia, Laos, and Myanmar, which rake in tens of billions of dollars annually — and affect victims worldwide. [Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense]( Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light. [The CEO Is Next]( If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity. [Why CIO & CISO Collaboration Is Key to Organizational Resilience]( Alignment between these domains is quickly becoming a strategic imperative. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Developing a Plan to Respond to Critical CVEs in Open Source Software]( Establishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response. [Is a US Nationwide Privacy Law Really Coming?]( If passed, APRA will be a giant leap forward for the rights and freedoms of Americans. [MORE]( PRODUCTS & RELEASES [Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility]( [DNSFilter Welcomes Cisco Veteran TK Keanini As CTO]( [Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform]( [Darktrace Launches Managed Detection & Response Service to Bolster Security Operations]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [SolarWinds Flaw Flagged by NATO Pen Tester]( The latest platform update from SolarWinds includes patches for three vulnerabilities, including two high-severity bugs. LATEST FROM THE EDGE [Making Choices that Lead to Stronger Vulnerability Management]( The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities. LATEST FROM DR TECHNOLOGY [Tokenization Moves Beyond Payments to Personal Privacy]( Pseudonymous masking has made credit card transactions more secure, but Visa has even greater plans for tokenization: giving users control of their data. LATEST FROM DR GLOBAL [Governments, Businesses Tighten Cybersecurity Around Hajj Season]( While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise. WEBINARS - [Intruders in the Library: Exploring DLL Hijacking Using Cortex XDR Analytics]( - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Year in Review of Zero-Days Exploited In-the-Wild in 2023]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [A Short Primer on Container Scanning]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124041&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_06.13.24&sp_cid=53943&utm_content=DR_NL_Dark%20Reading%20Weekly_06.13.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#16 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)