Security News

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.

Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days. An astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval.

Updates to Windows Server that were included in Microsoft's Patch Tuesday batch of fixes this week could trip up users who want to spin up new virtual machines in some Hyper-V hosts. The software giant is warning the problem can arise after installing the KB5021249 or KB5021237 updates on Windows Server or Azure Stack HCI hosts that are managed by System Center Virtual Machine Manager and are in software-defined networking-enabled environments with a network controller.

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. Six of the 49 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.

Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.

An unauthenticated remote code execution flaw is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller deployments, the US National Security Agency has warned. "Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls."

Rackspace Hosted Exchange outage was caused by ransomwareRackspace has finally confirmed the cause of the security incident that resulted in an ongoing outage of its Hosted Exchange service: it's ransomware. Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new toolsOffensive Security has released Kali Linux 2022.4, the latest version of its popular penetration testing and digital forensics platform.

Microsoft wrapped up a lot of 'loose ends' last month with their November set of updates, but there is still some work to do before the end-of-year holiday season. Let's hope that Microsoft provides some comprehensive updates this month that can fine tune all these nagging stability and connectivity issues.

The flaw was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users. In a security advisory published right before the weekend, Google said it "Is aware of reports that an exploit for CVE-2022-4262 exists in the wild."