PaperCut security vulnerabilities under active attack – vendor urges customers to patch
2023-04-25 19:53

Hats off to PaperCut in this case, because the company really is trying to make sure that all its customers know about the importance of two vulnerabilities in its products that it patched last month, to the point that it's put a green-striped shield at the top of its main web page that says, "Urgent security message for all NG/MF customers." We've seen companies that have admitted to unpatched zero-day vulnerabilities and data breaches in a less obvious fashion than this, which is why we're saying "Good job" to the PaperCut team for what cybersecurity jargon would probably praise with the orotund phrase "an abundance of caution."

VMware fixes critical zero-day exploit chain used at Pwn2Own
2023-04-25 18:33

VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution on systems running unpatched versions of the company's Workstation and Fusion software hypervisors. The two flaws were part of an exploit chain demoed by the STAR Labs team's security researchers one month ago, during the second day of the Pwn2Own Vancouver 2023 hacking contest.

Windows 10 KB5025297 preview update released with 10 fixes
2023-04-25 18:26

Microsoft has released the optional KB5025297 Preview cumulative update for Windows 10 22H2, with eighteen fixes or changes. The KB5025297 cumulative update preview is part of Microsoft's optional non-security preview updates released on the Tuesday of the fourth week of a month.

Windows 11 KB5025305 adds prioritized Windows updates setting
2023-04-25 17:44

Microsoft has released the optional April 2023 non-security cumulative updates for all editions of Windows 11 22H2 with a new option to prioritize non-security and feature Windows updates. After applying today's KB5025305 preview update, you can configure your PC to prioritize installing the latest available updates.

New SLP bug can lead to massive 2,200x DDoS amplification attacks
2023-04-25 15:26

A new reflective Denial-of-Service amplification vulnerability in the Service Location Protocol allows threat actors to launch massive denial-of-service attacks with 2,200X amplification. This flaw, tracked as CVE-2023-29552, was discovered by researchers at BitSight and Curesec, who say that over 2,000 organizations are using devices that expose roughly 54,000 exploitable SLP instances for use in DDoS amplification attacks.

Most SaaS adopters exposed to browser-borne attacks
2023-04-25 14:43

Critical gaps in existing solutions' capabilities, security architecture that doesn't recognize the browser as a prominent, standalone attack surface, and low resilience to web-borne threats are among the findings of a global survey by LayerX. 150 CISOs across multiple geographies and verticals were polled about their security practices across various disciplines that ultimately come down to securing users, data, and applications within the browser: secure SaaS access, SaaS security and data protection, BYOD, phishing protection, and browser security posture. Respondents' answers were classified according to their architecture: all-SaaS, hybrid, and mostly on-prem, showing how the relative importance of the browser increases with the level of the organization's SaaS adoption.

Google Authenticator now backs up your 2FA codes to the cloud
2023-04-25 14:39

The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords to their Google Accounts and have multi-device support. Google Authenticator is an immensely popular authentication app with over 100 million installs that lets users generate these one-time passwords for 2FA verification.

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
2023-04-25 13:26

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service amplification attacks with a factor as high as 2200 times, potentially making it one of the largest amplification attacks ever reported," Bitsight and Curesec researchers Pedro Umbelino and Marco Lux said in a report shared with The Hacker News.

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor
2023-04-25 13:04

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess. The attack chain documented by Check Point begins with an ISO disk image file that makes use of Iraq-themed lures to drop a custom in-memory downloader that ultimately launches the PowerLess implant.

Modernizing Vulnerability Management: The Move Toward Exposure Management
2023-04-25 11:53

Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of attackers' opportunities. Modern vulnerability management integrates security tools such as scanners, threat intelligence, and remediation workflows to provide a more efficient and effective solution.