Security News > 2021
"The vulnerability affects Windows 10 and corresponding server editions of the Windows OS," said Chris Goettl, senior director of product management and security at Ivanti. "The Windows Fax Service is used by the Windows Fax and Scan application included in all versions of Microsoft Windows 7, Windows 8 and Windows 10 and some earlier versions."
A barcode scanner app with over 10 million downloads was booted from the Google Play marketplace after users began to complain of mobile-ad overload. The makers of the app, called Barcode Scanner, intentionally altered the code of the app via an update, turning it from a benign app into adware, according to researchers. Tipped off by a user, researchers at Malwarebytes explained that the publisher added new, heavily obfuscated code to the app that directed the default mobile web browser to launch and serve up ads, whether the barcode app was active or not.
For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical. The Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.
The Microsoft patch drop adds to the workloads for weary defenders struggling to keep up with the volume and pace of security updates from major vendors. Earlier Tuesday, Adobe shipped fixes for multiple dangerous security holes, including a bug in the Adobe Reader that is being exploited in "limited targeted attacks" against Windows OS users.
The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize. Today, CD Projekt disclosed that they were the target of a ransomware attack that encrypted devices on their network and led to the theft of unencrypted files.
Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw. Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "limited" attacks on Reader for Windows.
Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS," said Adobe on Tuesday.
You probably know that many companies these days have a way for bug hunters - some of whom make their living from figuring out security holes in corporate websites and software - to report problems they've found, and potentially to get paid for their work. As haphazard as this sounds, bug bounty programmes usually follow a well-structured format, and professional bug hunters work carefully within well-defined limits while they're probing for holes.
Media company Plex has fixed a vulnerability in its media server that could have been used by hackers to strengthen DDoS attacks. In an announcement released last Friday and updated on Saturday, Plex said that it has issued hotfix 66 for Plex Media Server to address the flaw in its product.
Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible. The three TCP/IP security vulnerabilities impact computers running Windows client and server versions starting with Windows 7 and higher.