Security News
Google on Monday released security updates for the Chrome web browser to address a total of 11 security issues, two of which it says are zero-days actively exploited in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out-of-bounds write in the V8 JavaScript engine and a use-after-free flaw in the Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8.
Manual updates required for existing Azure VMs. While working to address these bugs, Microsoft introduced an Enhanced Security commit on August 11, exposing all the details a threat actor would need to create an OMIGOD exploit. Automatic updates disabled: manually update extension using instructions here Azure Automation State Configuration, DSC Extension On Premises.
Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability. This happens because, after installing these PrintNightmare patches, only administrators are allowed to install or update drivers via Point and Print.
Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to command injection attacks.
A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity.
Intriguingly, Apple also fixed another in-the-wild bug at the same time, dubbed CVE-2021-30858. Even browsers such as Edge and Firefox, which usually use the Chromium and Gecko web rendering software respectively, have to use WebKit instead, so WebKit security bugs can have widespread consequences on iPhones and iPads.
Today is Microsoft's September 2021 Patch Tuesday, and with it come fixes for two zero-day vulnerabilities and a total of 60 flaws. Microsoft has fixed 60 vulnerabilities with today's update, with three classified as Critical, one as Moderate, and 56 as Important.
Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac. Apple has pushed out an update for most of its major products to protect them from a strain of spyware that has already targeted a number of people.
Week in review: How CISSP can change a career, rural hospitals cybersecurity, Patch Tuesday forecast
Healthcare cybersecurity under attack: How the pandemic affected rural hospitals
In this interview with Help Net Security, Baha Zeidan, CEO at Azalea Health, talks about how rural hospitals have been affected by the pandemic and what steps they should take to boost their cybersecurity posture.
3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortage
Enterprises face a catch-22 situation: Security is more vital than ever, but cybersecurity positions are nearly impossible to fill.
Apple also has the beta available for the next version of macOS. But let's start by focusing on a new Office vulnerability before next week's Patch Tuesday.
September 2021 Patch Tuesday forecast
I expect a limited number of CVEs addressed this month across all the operating systems as Microsoft comes back from final summer vacation.