Microsoft Zero-Day Bugs Allow Security Feature Bypass | ChatGPT Browser Extension Hijacks Facebook Business Accounts

Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately. Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately. [TechWeb]( Follow Dark Reading: [RSS]( March 16, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft Zero-Day Bugs Allow Security Feature Bypass]( Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately. [ChatGPT Browser Extension Hijacks Facebook Business Accounts]( Between March 3 and March 9, at least 2,000 people a day downloaded the malicious "Quick access to ChatGPT" Chrome extension from the Google Play app store. [Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface]( One researcher thinks trust is broken in AD. Microsoft disagrees that there's a security vulnerability. But enterprise IT environments should be aware of an authentication gap either way. [Cyberattackers Continue Assault Against Fortinet Devices]( Patched earlier this month, a code-execution vulnerability is the latest FortiOS weakness to be exploited by attackers, who see the devices as well-placed targets for initial access operations. [US Lawmakers Face Cyberattacks, Potential Physical Harm After DC Health Link Breach]( The threat actor who posted the data for sale has claimed credit for multiple other breaches, including one at grocery platform Weee! that exposed data on more than 1.1 million customers. [Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector]( Over the weekend, cybercriminals laid the groundwork for Silicon Valley Bank-related fraud attacks that they're now starting to cash in on. Businesses are the targets and, sometimes, the enablers. [AI-Created YouTube Videos Spread Around Malware]( AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more. [Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles]( Campaign demonstrates the DPRK-backed cyberattackers are gaining tools to avoid EDR tools. [5 Lessons Learned From Hundreds of Penetration Tests]( Developers must balance creativity with security frameworks to keep applications safe. Correlating business logic with security logic will pay in safety dividends. [How Businesses Can Get Ready for AI-Powered Security Threats]( Organizations need to take steps now to strengthen their cyber defenses. [How to Jump-Start Your Cybersecurity Career]( With more than 700,000 cybersecurity jobs available, now is a good time to consider a career change. [5 Critical Components of Effective ICS/OT Security]( These agile controls and processes can help critical infrastructure organizations build an ICS security program tailored to their own risk profile. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Meet Data Privacy Mandates With Cybersecurity Frameworks]( Protection laws are always evolving. Here's how you can streamline your compliance efforts . [Make Sure Your Cybersecurity Budget Stays Flexible]( CISOs' ability to pivot tight budgets is key to defense plans that can stand up to attackers. [MORE]( EDITORS' CHOICE [SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital]( The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say. LATEST FROM THE EDGE [How Patch Tuesday Keeps the Beat After 20 Years]( Patch Tuesday turned security updates from chaotic events into a routine. Here's how we got here and where things might be heading. LATEST FROM DR TECHNOLOGY [Researchers Create an AI Cyber Defender That Reacts to Attackers]( Based on deep reinforcement learning, the system can adapt to defenders' tactics and stop 95% of simulated attacks, according to its developers. WEBINARS - [Managing Identity in the Cloud]( Shifting identity management and provisioning to the cloud helps streamline these operations. It also brings a new set of challenges, including integrating and managing user identities, privileges, and other attributes used in various on-premise and cloud systems, especially if your ... - [Ten Emerging Vulnerabilities Every Enterprise Should Know]( Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Why Account Security Doesn't Stop at Login]( - [Securing OT, Remote Access and Converged SOC Operations]( - [IT/OT Convergence Enables Security Operations Synergies]( - [Cloud Journey Adoption Stage: Securing Hybrid and Multi-cloud Environments]( - [The 4 Major Safety Checks Needed to Launch Your ASM Program into Orbit]( - [The 2022 State of Cloud Security Report]( - [Seven Ways to Avoid the Nightmare of a Cloud Misconfiguration Attack]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [2022 State of Network Management (a $499 Value FREE)]( We surveyed networking professionals about their networking budgets, spending priorities, and concerns. Find out how big of a role security is playing and how they plan to address it. Download the report today! [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [DirectDefense Reports the Top Threats From 2022 and What's Trending for 2023]( [SecurityScorecard Appoints Former US Congressman John Katko As Senior Advisor]( [Optiv More Than Doubles Federal Presence With ClearShark Acquisition]( [Samsung Next Invests in Mitiga, Brings Total Funding to $45M]( [Keeper Security Issues Top 5 Cybersecurity Tips for 2023 College Basketball Tournament]( [ThreatBlockr Announces Partnership With Engaged Security Partners]( [Forrester Study Reveals Businesses Are Insufficiently Prepared to Manage Enterprise Risks]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)