Security News

CISA orders agencies to patch iPhone bugs abused in spyware attacks
2023-06-23 18:06

Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. The attacks started in 2019 and are still ongoing, according to the company, and they use iMessage zero-click exploits that exploit the now-patched iOS zero-day bugs.

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
2023-06-22 21:36

Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware. Typically, iPhone malware that can compromise an entire device not only violates Apple's strictures about software downloads being restricted to the "Walled garden" of Apple's own App Store, but also bypasses Apple's much vaunted app separation, which is supposed to limit the reach of each app to a "Walled garden" of its own, containing only the data collected by that app itself.

CISA orders govt agencies to patch bugs exploited by Russian hackers
2023-06-22 19:04

Three of them were exploited by Russian APT28 cyberspies to hack into Roundcube email servers belonging to Ukrainian government organizations. While the KEV catalog's primary focus is alerting federal agencies of exploited vulnerabilities that must be patched as soon as possible, it is also highly advised that private companies worldwide prioritize addressing these bugs.

ASUS warns router customers: Patch now, or block all inbound requests
2023-06-20 18:14

Annoyingly for ASUS customers, perhaps, two of the now-patched vulnerabilities have been around waiting to be patched for a long time. Why ASUS took so long to patch these particular bugs is not mentioned in the company's official advisory, but handling HTTP "Escape codes" is a fundamental part of any software that listens to and uses web URLs.

ASUS urges customers to patch critical router vulnerabilities
2023-06-19 17:30

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
2023-06-14 18:32

In case you were wondering, there were 26 Remote Code Execution patches, including four dubbed "Critical", although three of those seem to related bugs that were found and fixed together in a single Windows component. RCE patches generally cause the most concern, because they deal with bugs that can, in theory at least, be exploited by attackers who don't yet have a foothold on your network, which means they represent possible ways of criminals breaking-and-entering in the first place.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software
2023-06-14 07:50

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. It's worth noting that Microsoft also closed out 26 other flaws in Edge - all of them rooted in Chromium itself - since the release of May Patch Tuesday updates.

June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
2023-06-13 20:32

Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit. CVE-2023-29357, a Microsoft SharePoint Server Elevation of Privilege Vulnerability, is one that Redmond lists as "Exploitation more likely." This may be because it, when chained with other bugs, was used to bypass authentication during March's Pwn2Own contest.

June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
2023-06-13 18:36

For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in Chromium's V8 JavaScript engine, which was spotted being exploited by attackers to target Chrome users.

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs
2023-06-13 17:28

Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities. While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as 'Critical,' including denial of service attacks, remote code execution, and privilege elevation.