Security News

Rather it's more likely to be used very selectively, at least on those that haven't patched. The advisory [PDF] recommends only one type of password, Cisco's Type 8, which uses either Password-Based Key Derivation Function version 2, SHA-256, an 80-bit salt - one NSA wit described it as "What Type 4 was meant to be," in the document.

WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which often contain credentials and PII. Three million sites use the popular WordPress plugin, so the potential for exploitation was substantial, affecting a significant share of the internet, including large platforms. The vulnerability affects UpdraftPlus versions 1.16.7 to 1.22.2, and the developers fixed it with the release of 1.22.3 or 2.22.3 for the Premium version.

Adobe has released an out-of-band security update for Adobe Commerce and Magento Open Source to address active exploitation of a known vulnerability, and Google has an emergency issue, too. "Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the Silicon Valley stalwart said.

The US Cybersecurity and Infrastructure Security Agency has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability is a high severity use after free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions addressed in Chrome 98.0.4758.102.

The US Cybersecurity and Infrastructure Security Agency has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability is a high severity use after free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions addressed in Chrome 98.0.4758.102.

Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that's actively being jumped on by attackers in the wild. To fix the Animation problem, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, due to roll out over coming days or weeks.

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. The California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.

Here on Naked Security, we've been lamenting the mysterious nature of Apple's security updates for ages. In the sudo bug case, Apple did eventually come to the party, and updated its own products in September.

iOS users: Patch now to avoid falling prey to this WebKit vulnerability. iOS users may have noticed an unexpected software update on their devices yesterday, and Apple is urging everyone to install that update immediately to avoid falling prey to a use-after-free vulnerability that could allow an attacker to execute arbitrary code on a victim's device.

The U.S. Cybersecurity & Infrastructure Security Agency has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks.CISA's warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect the organization's network.