CISA Recommends Organizations Update to the Latest Version of Google Chrome

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity. [TechWeb]( Follow Dark Reading: [RSS]( June 14, 2022 LATEST SECURITY NEWS & COMMENTARY [CISA Recommends Organizations Update to the Latest Version of Google Chrome]( Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity. [DoS Vulnerability Allows Easy Envoy Proxy Crashes]( The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers. [Kaiser Permanente Breach Exposes Data on 70K Patients]( Employee email compromise potentially exposed patients' medical information, including lab test results and dates of services. [Exposed Travis CI API Leaves All Free-Tier Users Open to Attack]( Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks. [3 Big Takeaways From the Verizon DBIR 2022]( The annual report is always filled with useful security information. Here are several of the most important lessons from this year's edition. [(Sponsored Article) Cracking the Email Security Code: 12 Best Practices for Small and Midsize Businesses]( It only takes one successful attack to spell disaster for a company. Learn how to protect your company with this email security best practice guide. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Black Basta Ransomware Targets ESXi Servers in Active Campaign]( The new ransomware strain Black Basta is now actively targeting VMware ESXi servers in an ongoing campaign, encrypting files inside a targeted volumes folder. [An Emerging Threat: Attacking 5G Via Network Slices]( A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans. [Are You Ready for a Breach in Your Organization's Slack Workspace?]( A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels. [MORE]( EDITOR'S CHOICE [Design Weakness Discovered in Apple M1 Kernel Protections]( The proof-of-concept attack from MIT CSAIL researchers undermines the pointer authentication feature used to defend the Apple chip's OS kernel. LATEST FROM THE EDGE [In Security, Less Is More]( Cut away everything that costs more attention, storage, or time than its impact is worth. LATEST FROM DR TECHNOLOGY [Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio]( The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms. WEBINARS - [Using Threat Modeling to Improve Enterprise Cyber Defenses]( As enterprises deal with multiple threats coming in different forms, security teams are shifting to a risk-based security to handle these challenges. One of the key tools is threat modeling, a process intended to help identify potential weaknesses and prioritize ... - [Implementing Zero Trust in Your Enterprise]( Attackers have shown time and again that perimeter security is no longer enough to keep them out. The concept of internal users and outsiders doesn't work in network defense when attackers use credential theft and lateral movement to pretend they ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Sumo Logic for Continuous Intelligence]( - [Five Cardinal Sins of Data Security and Privacy]( - [2022 The State of Application Data Privacy and Security]( - [Considerations for Evaluating Endpoint Detection and Response Solutions]( - [Protecting Endpoint to Work from Anywhere]( - [Optimizing Endpoint Protection]( [View More White Papers >>]( FEATURED REPORTS - [Practical Network Security Approaches for a Multicloud, Hybrid IT World]( The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Corel Acquires Awingu]( [CrowdStrike Introduces CrowdStrike Asset Graph to Help Organizations Proactively Identify and Eliminate Blind Spots]( [CyberRatings.org Announces Test on Cloud Network Firewall]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Breaches Prompt Changes to Enterprise IR Plans and Processes]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)