Security News

The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. CISA "Strongly" recommended federal agencies to examine their networks to detect malicious activity related to zero-day attacks targeting Exchange servers.

Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks. These four zero-day vulnerabilities are chained together to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the network.

In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization. About two weeks later, Google software security engineer Chris Palmer marked the bug "WontFix" because Google has resigned itself to the fact that ASLR can't be saved - Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited.

The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

CD Projekt Red announced today that they are delaying the anticipated Cyberpunk 2077 Patch 1.2 to the second half of March 2021 due to their recent cyberattack. Patch 1.2 is expected to be a major release containing many bug fixes and performance improvements for known issues that players are experiencing.

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.

Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing "End-to-end encryption for things that matter." If you copy an unencrypted file from a USB drive to your laptop, for example, before uploading it into a service such as Keybase, neither the Keybase app nor the Keybase servers can do anything about those two unencrypted copies of the file that now exist.

Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week's Patch Tuesday security updates. Microsoft said that the erroneous servicing-stack update froze installations for the "Cumulative Update" from the recent Windows Update.

Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer that North Korean hackers are believed to have exploited in a campaign targeting security researchers. South Korean security vendor ENKI published a report on the IE zero-day in early February, claiming that North Korean hackers leveraged it to target its researchers with malicious MHTML files leading to drive-by downloads of malicious payloads.

As you know, our usual advice for Patch Tuesday boils down to four words, "Patch early, patch often." As well as the four potential RCE holes mentioned above, there's also a patch for a bug dubbed CVE-2021-1732 that is already being abused in the wild by hackers.