Security News > 2023 > May

Microsoft has released the Windows 11 22H2 KB5026372 cumulative update to fix security vulnerabilities and introduce 20 changes, improvements, and bug fixes. KB5026372 is a mandatory Windows 11 cumulative update containing the May 2023 Patch Tuesday security updates that fix 38 vulnerabilities and three zero-days in various Microsoft products.

Microsoft has released the Windows 10 KB5026361 and KB5026362 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems and add new features to the operating system. Microsoft will automatically install these updates via Windows Update over the next few days.

Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws. Today's Patch Tuesday is one of the smallest in terms of resolved vulnerabilities, with only thirty-eight vulnerabilities fixed, not including eleven Microsoft Edge vulnerabilities fixed last week, on May 5th. Three zero-days fixed.

U.S. authorities have announced the seizure of 13 internet domains that offered DDoS-for-hire services to other criminal actors. The development comes almost five months after a "Sweep" in December 2022 dismantled 48 similar services for abetting paying users to launch distributed denial-of-service attacks against targets of interest.

A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system. Netfilter is a packet filtering and network address translation framework built into the Linux kernel that is managed through front-end utilities, such as IPtables and UFW. According to a new advisory published yesterday, corrupting the system's internal state leads to a use-after-free vulnerability that can be exploited to perform arbitrary reads and writes in the kernel memory.

EU MEPs want to start the public body - along with a host of other recommendations contained in a report that landed last night - after the so-called PEGA committee spent over a year looking into the use of Pegasus and equivalent spyware. In April, Citizen Lab and Microsoft both reported that a zero-click exploit allegedly developed by Israeli spyware company QuaDream - called "Reign" - was used to deliver spyware on devices running Apple's iOS 14 on victims' phones.

The development of the Snake malware started under the name "Uroburos" in late 2003, while the first versions of the implant were seemingly finalized by early 2004, with Russian state hackers deploying the malware in attacks immediately after. The malware is linked to a unit within Center 16 of the FSB, the notorious Russian Turla hacking group, and was disrupted following a coordinated effort named Operation MEDUSA. Among the computers ensnared in the Snake peer-to-peer botnet, the FBI also found devices belonging to NATO member governments.

In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems.

The Biden administration, last week, articulated aims to put guardrails around generative and other AI, while attackers get bolder using the technology. The post White House addresses AI’s risks...

To address this issue, AI Spera released a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS, on May 3rd. The plugin utilizes Criminal IP, an OSINT-based search engine, to provide real-time data and intelligence technology to detect and prevent fraudulent login attempts on WordPress websites comprehensively. What to expect from Criminal IP FDS plugin for WordPress.