Security News > 2022 > January

Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period. Further, 73% of DDoS attacks in Q3 2021 were multi-vector attacks that combined multiple techniques to attack the targeted systems.

The Federal Bureau of Investigation warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. "The FBI to date is not aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments," the US security service said in a private industry notification issued on Tuesday.

Microsoft has updated PowerToys with three new utilities, including a new mouse crosshair tool to quickly find the pointer on the screen and two new File Explorer add-ons. The new version also adds preview support for more than 150 developer and 3D file formats through two new File Explorer add-ons.

Security teams might have skipped January's Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It's a bug that now has a proof-of-concept exploit available in the wild.

Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. Samba is an SMB networking protocol re-implementation that provides file sharing and printing services across many platforms, allowing Linux, Windows, and macOS users to share files over a network.

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution vulnerability in version 5.0.4 and older. The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.

Many distinguished font creators provide open source fonts available for personal and commercial use, and numerous free-and-properly-licensed font collections do exist, including the well-known Google Fonts. Google Fonts not only "Solves" your licensing issues by offering open source fonts that you are allowed to use commercially, it can also solve your "How to serve it" hassles, too.

Taiwanese company QNAP has warned customers to secure network-attached storage appliances and routers against a new ransomware variant called DeadBolt. "QNAP urges all QNAP NAS users to [] immediately update QTS to the latest available version."

"Recently the QNAP Product Security Incident Response Team detected that cybercriminals are taking advantage of a patched vulnerability, described in the QNAP Security Advisory, to launch a cyberattack," the NAS maker said today. "On January 27, 2022, QNAP set the patched versions of system software as 'Recommended Version.' If auto update for 'Recommended Version' is enabled on your QNAP NAS, the system will automatically update to certain OS version to enhance security and protection of your QNAP NAS, mitigating the attack from criminals."

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the victim.