Security News

If you use Microsoft's security only updates each month, be sure to include the security only out-of-band updates for your operating systems, because they must be installed for the PrintNightmare fix; they were not included in the Patch Tuesday set of security only updates. The release of zero-day updates, particularly one of this magnitude, provides an excellent opportunity to validate your emergency patching policies and procedures.

A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June. Technical details and a proof-of-concept exploit for a new Windows print spooler vulnerability named 'PrintNightmare' was accidentally disclosed in June.

LAS VEGAS - Microsoft Windows 10 biometric user authentication systems Windows Hello can be bypassed, using a single infrared image of a user's face planted on a tampered clone of an external USB-based webcam. According to research disclosed here at Black Hat USA 2021, the flaw still allows attackers - in some scenarios - to bypass Windows Hello and Windows Hello for Business, used for single-sign-on access to a user's computer and a host of Windows services and associated data.

The software used to control pneumatic tubes in over 3,000 hospitals around the world has nine critical vulnerabilities that could halt hospital operations if exploited by a savvy attacker. Tube systems in hospitals are commonly used to deliver medicine, transport blood and other essential medical supplies, and send lab samples across buildings that would take considerable time to deliver on foot.

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. CVE-2021-30661 - Processing maliciously crafted web content may lead to arbitrary code execution.

Atlassian is prompting its enterprise customers to patch a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers arbitrary code execution abilities, due to a missing authentication flaw in Jira's implementation of Ehcache, an open-source component.

Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. "This Patch Tuesday comes just days after out-of-band updates were released to address PrintNightmare - the critical flaw in the Windows Print Spooler service that was found in all versions of Windows," Bharat Jogi, senior manager of vulnerability and threat research at Qualys, told The Hacker News.

Hackers have started targeting a critical WooCommerce vulnerability only days after patches started rolling out, patchstack says. WooCommerce is a popular open-source eCommerce plugin for WordPress, with more than 5 million installations to date, making it an attractive target for cybercriminals.

Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine.

Microsoft has addressed the Windows 10 printing issues caused by changes introduced in the June 2021 cumulative update preview with an update issued during this month's Patch Tuesday. To resolve the printing issues, Microsoft released an emergency fix for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1 on July 9, rolling it out via the Known Issue Rollback feature.