Security News

CISA orders agencies to patch vulnerability used in Stuxnet attacks
2022-09-16 16:29

The U.S. Cybersecurity and Infrastructure Security Agency has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor's instructions to fix them. CISA is giving federal agencies until October 6th to patch security vulnerabilities that have been reported between 2010 and 2022.

CISA orders agencies to patch Windows, iOS bugs used in attacks
2022-09-14 16:48

CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs. Apple also patched the arbitrary code execution vulnerability on Monday and confirmed that it was exploited in attacks as a zero-day bug in the iOS and macOS kernel.

Patch your Mitel VoIP systems, Lorenz ransomware gang is back on the prowl
2022-09-13 18:38

The Lorenz ransomware gang is exploiting a vulnerability in Mitel VoIP appliances to break corporate networks. Threat hunters with cybersecurity firm Arctic Wolf Labs recently found that Lorenz - a prolific group that has been around since at least early 2021 and lately is primarily targeting SMBs in the US, China, and Mexico - used a vulnerability in a MiVoice VoIP appliance from Mitel to get into a victim's network before deploying Microsoft's BitLocker Drive Encryption tool to encrypt the data.

Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws
2022-09-13 17:36

Today is Microsoft's September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. Five of the 63 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw
2022-09-13 03:36

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.It's worth noting that CVE-2022-32917 is also the second Kernel related zero-day flaw that Apple has remediated in less than a month.

Week in review: Free online cybersec courses, Signal post-quantum upgrade, Patch Tuesday forecast
2022-09-11 08:00

Apple strengthens security and privacy in iOS 16Apple announced additional security and privacy updates for its newest mobile operating system. Government guide for supply chain security: The good, the bad and the uglyJust as developers and security teams were getting ready to take a breather and fire up the BBQ for the holiday weekend, the U.S.'s most prestigious security agencies dropped a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers.

High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP
2022-09-09 09:27

ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or other processing resources.The severity of the vulnerability is merely "Important", as its exploitation requires additional access and/or privilege, but ConnectWise recommends administrators of on-premise instances to patch as soon as possible.

September 2022 Patch Tuesday forecast: No sign of cooling off
2022-09-09 06:32

August 2022 Patch Tuesday provided critical updates for all Microsoft operating systems as well as an unexpected update for Internet Explorer 11. All these products are in common use, so ensure you include these updates in your patch Tuesday process if you haven't deployed them already.

Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN
2022-09-08 23:26

Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers. Cisco said its Product Security Incident Response Team has not seen any public disclosures about the vulnerability nor evidence that any cybercriminal has exploited the flaw.

CISA orders agencies to patch Chrome, D-Link flaws used in attacks
2022-09-08 19:11

CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two zero-days in Google Chrome and the Photo Station QNAP software. The Google Chrome zero-day was patched on September 2nd via an emergency security update after the company was made aware of in-the-wild exploitation.