Security News

Threat actors exchange beacons for badgers to evade endpoint securityUnidentified cyber threat actors have started using Brute Ratel C4, an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found. Attackers are using deepfakes to snag remote IT jobsMalicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week.

With those major updates now in place, could we see a summertime lull in the July 2022 Patch Tuesday updates? We saw a rare SQL server update last Patch Tuesday and I don't anticipate another this month.

The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on June 21, 2022.

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory certificate authentication issues caused by Microsoft's May 2022 updates. The flaw is an actively exploited Windows LSA spoofing vulnerability tracked as CVE-2022-26925 and confirmed to be a new PetitPotam Windows NTLM Relay attack vector.

The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected.

WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. Ninja Forms is a customizable contact form builder that has over 1 million installations.

WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. If the plugin hasn't yet been updated automatically to the patched version, you can also manually apply the security update from the dashboard.

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Tracked as CVE-2022-30190, the zero-day bug relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool when it's invoked using the "Ms-msdt:" URI protocol scheme from an application such as Word.

A few hours ago, we recorded this week's Naked Security podcast, right on Patch Tuesday itself. We said as much in the podcast, and inferred, that Follina either wasn't really considered a bug, and therefore didn't get fixed, or was still in the process of getting some sort of fix that wasn't ready in time.