Security News

CISA warns admins to patch maximum severity SAP vulnerability
2022-02-09 16:55

The US Cybersecurity and Infrastructure Security Agency has warned admins to patch a set of severe security flaws dubbed ICMAD and impacting SAP business apps using Internet Communication Manager. Yesterday, Onapsis Research Labs who found and reported CVE-2022-22536, one of the three ICMAD bugs and the one rated as a maximum severity issue, also cautioned SAP customers to patch them immediately.

Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch
2022-02-09 08:28

The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12. This February security patch batch marks the final official update for Google's Pixel 3 smartphones, which launched in October 2018, which is like a century ago for the internet goliath.

Microsoft and Other Major Software Firms Release February 2022 Patch Updates
2022-02-08 22:40

Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities.

No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
2022-02-08 20:24

Oh, blessed day: Microsoft's Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches - none of them rated critical. February's patch-a-palooza is light not just in number of CVEs, but also in that it comes with nary a single patch that's labeled critical.

A “light” February 2022 Patch Tuesday that should not be ignored
2022-02-08 19:42

February 2022 Patch Tuesday is here and it's all-around "Light" - light in fixed CVE-numbered vulnerabilities, extremely light in critical fixes, and light in exploited vulnerabilities. Mac users of Microsoft Outlook may also want to patch CVE-2022-23280, a feature bypass vulnerability, quickly.

Microsoft February 2022 Patch Tuesday fixes 48 flaws, 1 zero-day
2022-02-08 18:27

Today is Microsoft's February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws. Microsoft has fixed 48 vulnerabilities with today's update, with none of them classified as Critical.

CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability
2022-02-06 21:03

The U.S. Cybersecurity and Infrastructure Security Agency is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 to the Known Exploited Vulnerabilities Catalog, necessitating that Federal Civilian Executive Branch agencies patch all systems against this vulnerability by February 18, 2022.

Week in review: Samba vulnerability, phishing kits bypassing MFA, Patch Tuesday forecast
2022-02-06 09:00

February 2022 Patch Tuesday forecast: A rough start for 2022January 2022 Patch Tuesday was a rough one for Microsoft - and us. Samba bug may allow code execution as root on Linux machines, NAS devicesA critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations.

CISA orders federal agencies to patch actively exploited Windows bug
2022-02-04 18:05

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges. Per a binding operational directive issued in November and today's announcement, all Federal Civilian Executive Branch Agencies agencies are now required to patch all systems against this vulnerability, tracked as CVE-2022-21882 within two weeks, until February 18th. While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all private and public sector organizations to reduce their exposure to ongoing cyberattacks by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.

Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now
2022-02-04 15:22

A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart. The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes.