Security News > 2022 > February

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. The California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.

British power companies, which, for better or worse, are privatised rather that state-run, are required to pay out compensation to customers who did not receive the service promised in their contract. Let's hope that the software code controlling Northern Powergrid's power delivery has been reviewed and tested more thoroughly than the account compensation software that runs when power delivery fails.

Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware, BleepingComputer has learned from sources familiar with the attack. Mizuno is a Japanese sports equipment and sportswear company with over 3,800 employees and locations throughout Asia, Europe, and North America.

The US Federal Trade Commission said today that it will take legal action against Voice-over-Internet Protocol service providers who do not hand over information requested during robocall investigations. The Commission charged Alcazar Networks in December 2020 with facilitating illegal telemarketing calls after it provided VoIP services to an Indian company that used "911" as the caller ID and impersonated the Social Security Administration.

QNAP has extended support and will keep issuing security updates for some end-of-life network-attached storage devices until October 2022. "Due to these reasons, QNAP normally maintains security updates for 4 years after a product passes its EOL date. As a special effort to help users protect their devices from today's security threats, QNAP has extended security updates for some EOL models till October 2022.".

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict,...

If disaster strikes your organization, you'll want to restore your data to precisely where it was seconds before. Why would you rely on data protection tooling designed for the early 21st century?

The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their mods. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to deliver malware to anybody who downloaded them.

A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend. If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;.

The US Federal Bureau of Investigation revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months. "As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors.," the federal law enforcement agency said [PDF].