Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.
A Chinese threat actor hits US organizations with a Microsoft cloud exploit. Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures. A RomCom update. Beamer phishbait, email extortion attacks and digital blackmail. A new report concludes companies allowing personal employee devices onto their network are opening themselves to attack. Tim Starks from the Washington Post looks at Microsoft’s recent woes. Our guest is Eyal Benishti from IRONSCALES with insights on business email compromise. And a July Patch Tuesday retrospective.
Mitigation for China-Based Threat Actor Activity (Microsoft On the Issues)
Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email (Microsoft Security Response Center)
Chinese hackers breach U.S. government email through Microsoft cloud (Washington Post)
U.S. Government Emails Hacked in Suspected Chinese Espionage Campaign (Wall Street Journal)
Storm-0978 attacks reveal financial and espionage motives (Microsoft Security)
Microsoft: Unpatched Office zero-day exploited in NATO summit attacks (BleepingComputer)
Threat spotlight: Extortion attacks (Barracuda)
July 2023 Security Updates (Security Update Guide - Microsoft Security Response Center)
Microsoft Releases July 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA)
Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws (BleepingComputer)
Fortinet Releases Security Update for FortiOS and FortiProxy (Cybersecurity and Infrastructure Security Agency CISA)
Adobe Releases Security Updates for ColdFusion and InDesign (Cybersecurity and Infrastructure Security Agency CISA)