Windows 11 KB5012592 update brings default browser improvements
2022-04-12 18:33

Microsoft has released the Windows 11 KB5012592 cumulative update with security updates, quality improvements, and a fix that makes it easier to switch your default browser. KB5012592 is a mandatory cumulative update as it contains the April 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

AWS fixes local file vuln on internal credential access for Relational Database Service
2022-04-12 18:05

A local file read vulnerability in Amazon's Relational Database Service could be exploited to allow an attacker to gain access to internal AWS credentials, the cloud behemoth has confirmed. While no in-the-wild attacks exploited the bug, AWS confirmed it gave researchers access "to internal credentials that were specific to their Aurora cluster."

Sandworm hackers tried (and failed) to disrupt Ukraine’s power grid
2022-04-12 18:01

The Computer Emergency Response Team of Ukraine, with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried to shut down electrical substations run by an energy provider in Ukraine. "We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine."

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days
2022-04-12 17:40

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws. [...]

Windows 10 KB5012599 and KB5012591 updates released
2022-04-12 17:32

Microsoft has released the Windows 10 KB5012599 and KB5012591 cumulative updates for versions 21H2, 21H1, 20H2 and 1909 to fix security vulnerabilities and resolve bugs. This update is not available for May 2020 Update if you use the consumer edition, but the same update will be offered on devices using enterprise or education SKUs.

Hardware-assisted security poised for growth, says Intel
2022-04-12 17:30

An Intel study finds that businesses are eager for cybersecurity and are keen to see how security can be baked into devices. Hardware-assisted security uses hardware extensions and components to support the security of higher-level machine layers, from the BIOS up through desktop applications.

Menswear Brand Zegna Reveals Ransomware Attack
2022-04-12 17:22

High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August - and that it managed to recover its systems from backup without paying a ransom. In a public filing this week the company acknowledged that it was a ransomware attack that "impacted the majority of our IT systems" and ultimately led to some private accounting data stolen in the incident being leaked online.

Microsoft: New malware uses Windows bug to hide scheduled tasks
2022-04-12 17:18

Microsoft has discovered a new malware used by the Chinese-backed Hafnium hacking group to maintain persistence on compromised Windows systems by creating and hiding scheduled tasks. "Further investigation reveals forensic artifacts of the usage of Impacket tooling for lateral movement and execution and the discovery of a defense evasion malware called Tarrask that creates 'hidden' scheduled tasks, and subsequent actions to remove the task attributes, to conceal the scheduled tasks from traditional means of identification."

Can we solve the zero-day threat once and for all? No, but here’s what we can do
2022-04-12 17:15

Last December's Log4j crisis brought the danger of zero-day vulnerabilities to the front pages. There is no way of knowing how many other open-source apps have zero-day vulns, not to mention enterprise apps and APIs.

Critical HP Teradici PCoIP flaws impact 15 million endpoints
2022-04-12 16:40

HP is warning of new critical security vulnerabilities in the Teradici PCoIP client and agent for Windows, Linux, and macOS that impact 15 million endpoints. Teradici PCoIP is a proprietary remote desktop protocol licensed to many virtualization product vendors, acquired by HP in 2021, and used in its own products since then.