Security News

Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability. This happens because, after installing these PrintNightmare patches, only administrators are allowed to install or update drivers via Point and Print.

Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to command injection attacks.

A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity.

Intriguingly, Apple also fixed another in-the-wild bug at the same time, dubbed CVE-2021-30858. Even browsers such as Edge and Firefox, which usually use the Chromium and Gecko web rendering software respectively, have to use via WebKit instead, so WebKit security bugs can have widespread consequences on iPhones and iPads.

Today is Microsoft's September 2021 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 60 flaws. Microsoft has fixed 60 vulnerabilities with today's update, with three classified as Critical, one as Moderate, and 56 as Important.

Designed to combat zero-day flaws exploited in Apple's operating systems, the patch applies to the iPhone, iPad, Apple Watch and Mac. Apple has pushed out an update for most of its major products to protect them from a strain of spyware that has already targeted a number of people.

Healthcare cybersecurity under attack: How the pandemic affected rural hospitalsIn this interview with Help Net Security, Baha Zeidan, CEO at Azalea Health, talks about how rural hospitals have been affected by the pandemic and what steps they should take to boost their cybersecurity posture. 3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortageEnterprises face a catch-22 situation: Security is more vital than ever, but cybersecurity positions are nearly impossible to fill.

Apple also has the beta available for the next version of macOS. But let's start by focusing on a new Office vulnerability before next week's Patch Tuesday. September 2021 Patch Tuesday forecast I expect a limited number of CVEs addressed this month across all the operating systems as Microsoft comes back from final summer vacation.

Eoin Keary, CEO and founder of Edgescan, told The Register that the oldest common vulnerability discovered in its latest quarterly vulnerability scans report dated back to 1999. Before we look at the why, let's explore some of the what: the old vulnerabilities that are still being used in very real world enterprise attacks to this day.

In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing victims to open or view it, potentially achieving remote code execution.