Security News

Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)
2022-04-15 11:30

Three days have passed since Microsoft's latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. CVE-2022-26809 is a remote code execution vulnerability in Microsoft Remote Procedure Call runtime and affects a wide variety of Windows and Windows Server versions.

Critical Windows RPC CVE-2022-26809 flaw raises concerns — Patch now
2022-04-14 22:50

Microsoft has fixed a new Windows RPC CVE-2022-26809 vulnerability that is raising concerns among security researchers due to its potential for widespread, significant cyberattacks once an exploit is developed.If exploited, any commands will be executed at the same privilege level as the RPC server, which in many cases has elevated or SYSTEM level permissions, providing full administrative access to the exploited device.

CISA warns orgs to patch actively exploited Windows LPE bug
2022-04-13 22:48

The Cybersecurity and Infrastructure Security Agency has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver. According to a binding operational directive issued in November, all Federal Civilian Executive Branch Agencies agencies must secure their systems against this security flaw after being added to CISA's catalog of Known Exploited Vulnerabilities.

Hackers exploit critical VMware CVE-2022-22954 bug, patch now
2022-04-13 18:32

A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners. The vulnerability is a critical remote code execution impacting VMware Workspace ONE Access and VMware Identity Manager, two widely used software products.

Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now
2022-04-13 14:35

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. Tracked as CVE-2021-31805, the critical vulnerability exists in Struts 2 versions from 2.0.0 up to and including 2.5.29.

CISA adds 8 known security vulnerabilities as priorities to patch
2022-04-13 13:32

CISA adds 8 known security vulnerabilities as priorities to patch. The Cybersecurity & Infrastructure Security Agency, or CISA, maintains a database of known security vulnerabilities.

Microsoft's huge Patch Tuesday includes fix for bug under attack
2022-04-13 01:36

Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed. While its severity score didn't rank as high as some on today's list - it received a 7.8 CVSS score aka "Important" - Microsoft stated its attack complexity low.

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days
2022-04-12 17:40

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws. [...]

Week in review: Disrupted Cyclops Blink botnet, public software apps at risk, Patch Tuesday forecast
2022-04-10 08:00

Log4Shell exploitation: Which applications may be targeted next?Spring4Shell has dominated the information security news these last six days, but Log4Shell continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in attacks in the wild. Security flaws found in 82% of public sector software applicationsVeracode has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors.

Microsoft: Windows Autopatch steals the 'fun' from Patch Tuesdays
2022-04-09 14:00

Microsoft announced that Windows Autopatch, a service designed to automatically keep Windows and Office software up to date, will be released in July 2022. Windows Autopatch is a new managed service offered for free to all Microsoft customers who already have a Windows 10/11 Enterprise E3 or above license.