Security News > 2022 > February

This security hole made it possible for attackers to trick the plugin into accessing and including a server-side file. Simply put, a malicious visitor could trick an unpatched server into serving up a file it's not supposed to, such as the server's own username database, or coerce the server into running a script it shouldn't, thus creating a remote code execution hole.

Optional updates for Windows 10 and Windows 11 released in January have fixed performance problems when playing games, using the operating system, or even opening folders in File Explorer. Microsoft later released out-of-band updates to fix these issues, whose fixes were also rolled into the optional preview updates.

Six months after LibreOffice 7.2, version 7.3 is out with faster and more accurate file importing and rendering for improved compatibility with Microsoft Office. The new release is the latest "Fresh" version.

Intel says its engineers are partnering with security researchers to hunt for vulnerabilities in firmware, GPUs, hypervisors, chipsets, and other products in a new expansion to its bug bounty program. Last year, 97 out of the 113 externally found security vulnerabilities were reported by researchers who joined the public bug bounty program, according to Intel.

KP Snacks, a major producer of popular British snacks, has been hit by the Conti ransomware group, affecting distribution to leading supermarkets. A cyber attack on British snack giant KP Snacks has now escalated to supply chain disruption around the UK. Because of the attack, deliveries from the company to leading superstores are reportedly being delayed or canceled altogether.

Microsoft Sentinel now comes with support for continuous GitHub threat monitoring, which helps keep track of potentially malicious events after ingesting GitHub enterprise repository logs. "Today, together with Microsoft Sentinel, you can connect your enterprise-licensed GitHub repository environment to the Microsoft Sentinel workspace and ingest the GitHub audit log - tracking events such as new repository creation or deletion, counting the number of repository clones, and more," Microsoft explained.

Even think tanks with close links to the UK's Conservative government are now criticising the Online Safety Bill, with the Institute of Economic Affairs describing it today as "a significant threat to freedom of speech, privacy and innovation." The IEA, which tends to side with free-market conservatives, said today that the controversial legislation needs an independent reviewer to prevent it causing harms to people using the internet in Britain.

Morley Companies Inc. disclosed a data breach after suffering a ransomware attack on August 1st, 2021, allowing threat actors to steal data before encrypting files. Morley is a US company offering business services to Fortune 500 and Global 100 firms, including meeting management, back-office processing, contact centers, the creation of trade show exhibits, and more.

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open...

A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. These campaigns rely on the compromise of legitimate websites to plant malicious files or URLs that redirect users to sites that host malware disguised as popular apps.