Security News

Atlassian: Confluence hardcoded password was leaked, patch now!
2022-07-22 15:05

Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app creates a disabledsystemuser account with a hardcoded password to help admins migrate data from the app to the Confluence Cloud.

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
2022-07-22 02:37

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. While this account, Atlassian says, is to help administrators migrate data from the app to Confluence Cloud, it's also created with a hard-coded password, effectively allowing viewing and editing all non-restricted pages within Confluence by default.

Microsoft's latest security patch troubles Windows 11 users
2022-07-18 14:00

Complaints over Microsoft's latest patch Tuesday have intensified after some Windows 11 users found their systems worse for wear following installation. The July 12 patch, KB5015814, was a relatively straightforward one that dealt with a number of what Microsoft delicately termed "Security issues" in its summary.

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
2022-07-18 12:19

A Windows 11 vulnerability, part of Microsoft's Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency to advise patching of the elevation of privileges flaw by August 2. The recommendation is directed at federal agencies and concerns CVE-2022-22047, a vulnerability that carries a CVSS score of high and exposes Windows Client Server Runtime Subsystem used in Windows 11 and also Windows Server 2022 to attack.

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout
2022-07-12 22:36

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft.

Microsoft's July Patch Tuesday fixes actively exploited bug
2022-07-12 22:11

Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.

CISA orders agencies to patch new Windows zero-day used in attacks
2022-07-12 21:10

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem to its list of bugs abused in the wild.This high severity security flaw impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases.

Microsoft July 2022 Patch Tuesday fixes exploited zero-day, 84 flaws
2022-07-12 17:24

Today is Microsoft's July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws. This month's Patch Tuesday fixes an actively exploited zero-day elevation of privileges vulnerability.

Week in review: Quantum-resistant encryption, attackers using deepfakes, Patch Tuesday forecast
2022-07-10 08:30

Threat actors exchange beacons for badgers to evade endpoint securityUnidentified cyber threat actors have started using Brute Ratel C4, an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found. Attackers are using deepfakes to snag remote IT jobsMalicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week.

July 2022 Patch Tuesday forecast: A summertime lull?
2022-07-08 05:01

With those major updates now in place, could we see a summertime lull in the July 2022 Patch Tuesday updates? We saw a rare SQL server update last Patch Tuesday and I don't anticipate another this month.