Security News > 2022

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday.

Threat actors have weaponized a newly discovered bug in SolarWinds Serv-U file-sharing software to launch Log4j attacks against networks' internal devices, Microsoft warned on Wednesday. SolarWinds fixed the vulnerability in Serv-U version 15.3, released on Tuesday.

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. A month later, IBM X-Force researchers established a stronger connection between Diavol ransomware and other TrickBot Gang's malware, such as Anchor and TrickBot.

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance. A recently discovered vulnerability in Microsoft's remote desktop protocol goes back to Windows Server 2012 R2 and lets anyone who can connect to an RDP session gain near total control over other RDP users, launching a man-in-the-middle attack.

NIS is the main law controlling security practices in the UK today. Currently a straight copy of the EU NIS Directive, one of the benefits of Brexit leapt upon by the Department for Digital, Culture, Media and Sport is the new ability to amend NIS's reporting thresholds.

LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices. Password managers are a far better alternative to jotting down your passwords in a notebook in your desk drawer, but with so many to choose from, it can feel like a task in itself to simply find the right one for you.

Typically, a web browser permits scripts on one web page to access data on a second web page only if both pages have the same origin/back-end server. Without this security policy in place, a snooper who manages to inject a malicious script into one website would be able to have free access to any data contained in other tabs the victim may have open in the browser, including access to online banking sessions, emails, healthcare portal data and other sensitive information.

The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service."As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine's critical infrastructure are part of Russia's hybrid tactics to threaten Ukraine."

ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents senders from being tracked by recipients who open their messages. ProtonMail is an end-to-end encrypted email service based in Switzerland and uses a client-side encryption approach to maintain user privacy and protect their communications from snooping intermediaries.

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. 'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.