Security News > 2023 > July

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. The Windows maker said it's aware of targeted attacks against defense and government entities in Europe and North America that attempt to exploit CVE-2023-36884 by using specially-crafted Microsoft Office document lures related to the Ukrainian World Congress, echoing the latest findings from BlackBerry.

The demand for these services has led to criminal service providers springing up to supply these needs, and in an almost virtuous cycle of malice, this supply of cybercrime services enables the entire cybercrime threat landscape. Actors can now buy malware, infrastructure, and phishing as a service; they can even easily purchase access to victims from initial access brokers.

Google Cloud's AML AI represents an advancement in the fight against money laundering. In this Help Net Security interview, Anna Knizhnik, Director, Product Management, Cloud AI, Financial Services, at Google Cloud, explains how Google Cloud's AML AI outperforms current systems, lowers operational costs, enhances governance, and improves the customer experience by reducing false positives and minimizing compliance verification checks.

Despite economic obstacles and constraints on IT budgets, global CIOs maintain a positive outlook on the potential of technology to provide significant benefits for their organizations, according...

The Ultimate Guide to Certified in Cybersecurity covers everything you need to know about the entry-level credential recognized by organizations worldwide. Inside, learn how CC starts you on your path to advanced cybersecurity certification and how to access free Official (ISC)² Online Self-Paced Training and one free CC exam.

Patch Tuesday: Microsoft today addressed 130 CVE-listed vulnerabilities in its products - and five of those bugs have already been exploited in the wild. A full list of security updates and advisories in this month's Patch Tuesday batch can be found here from the IT giant, or here from the ZDI. In summary, there are fixes for Windows, Office,.

Apple's official upgrade pathway, at least for its mobile devices, has always been to supply full, system-level patches that can never be rolled back, because Apple doesn't like the idea of users deliberately downgrading their own systems in order to exploit old bugs for the purpose of jailbreaking their own devices or installing alternative operating systems. As a result, even when Apple produced emergency one-bug or two-bug fixes for zero-day holes that were already being actively exploited, the company needed to come up with what was essentially a one-way upgrade, even though all you really needed was a minimalistic update to one component of the system to patch a clear and present danger.

Microsoft has begun the forced rollout of its Windows 11 22H2 'Moment 3' update, which introduces several new features and improvements to the operating system. In contrast to the two major feature updates that Windows 10 receives annually, Windows 11 will only receive one update yearly.

The second-ever Apple Rapid Security Response just came out. The last point above is surprisingly important, given that Apple absolutely will not allow you to uninstall full-on system updates to your iPhones or iPads, even if you find that they cause genuine trouble and you wish you hadn't applied them in the first place.

For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilities actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America. "Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents," the company said in the advisory for that particular CVE-numbered vulnerability.