Security News
Summer holiday season fuels upswing of travel-themed spamPhishers, scammers and malware peddlers are ready to take advantage of the summer holiday season: According to Bitdefender security analysts, the deluge of travel-themed spam has started in March and is expected to reach its peak in June. Attackers aren't slowing down, here's what researchers are seeingIn this Help Net Security interview, John Shier, Senior Security Advisor at Sophos, talks about the main findings of two Sophos reports: the 2022 Active Adversary Report and the State of Ransomware Report, which provide an exceptional overview of the modern threat landscape.
May 2022 Patch Tuesday provided the final releases for several Windows 10 operating systems and this month we'll see the final update for Internet Explorer 11. June 2022 Patch Tuesday forecast We hope to see a fix for CVE-2022-30190 in this month's operating systems updates.
Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931, which affected the safety of authentication in Windows. Ironically, the CVE-2022-26923 and CVE-2022-26931 bugs only seem to apply if you're using digital certificates for added authentication security.
Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active Directory Domain Services. "After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server, Routing and Remote access Service, Radius, Extensible Authentication Protocol, and Protected Extensible Authentication Protocol," Microsoft reported.
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. The updates are in addition to 36 flaws patched in the Chromium-based Microsoft Edge browser on April 28, 2022.
Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today's update, eight are classified as 'Critical' as they allow remote code execution or elevation of privileges.
TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switchesArmis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Critical F5 BIG-IP flaw allows device takeover, patch ASAP!F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.
April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months. The IE 11 desktop application will continue to get security updates in Windows 8.1, Windows 7, and Windows Server LTSC until they reach their respective EOL dates.
Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed. While its severity score didn't rank as high as some on today's list - it received a 7.8 CVSS score aka "Important" - Microsoft stated its attack complexity low.
Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws. [...]