Security News

Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.

Today is Microsoft's July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws. This month's Patch Tuesday fixes an actively exploited zero-day elevation of privileges vulnerability.

Threat actors exchange beacons for badgers to evade endpoint securityUnidentified cyber threat actors have started using Brute Ratel C4, an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found. Attackers are using deepfakes to snag remote IT jobsMalicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week.

With those major updates now in place, could we see a summertime lull in the July 2022 Patch Tuesday updates? We saw a rare SQL server update last Patch Tuesday and I don't anticipate another this month.

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Tracked as CVE-2022-30190, the zero-day bug relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool when it's invoked using the "Ms-msdt:" URI protocol scheme from an application such as Word.

A few hours ago, we recorded this week's Naked Security podcast, right on Patch Tuesday itself. We said as much in the podcast, and inferred, that Follina either wasn't really considered a bug, and therefore didn't get fixed, or was still in the process of getting some sort of fix that wasn't ready in time.

Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. Microsoft has fixed the widely-exploited Windows Follina MSDT zero-day vulnerability tracked as CVE-2022-30190 in the June 2022 Updates.

Summer holiday season fuels upswing of travel-themed spamPhishers, scammers and malware peddlers are ready to take advantage of the summer holiday season: According to Bitdefender security analysts, the deluge of travel-themed spam has started in March and is expected to reach its peak in June. Attackers aren't slowing down, here's what researchers are seeingIn this Help Net Security interview, John Shier, Senior Security Advisor at Sophos, talks about the main findings of two Sophos reports: the 2022 Active Adversary Report and the State of Ransomware Report, which provide an exceptional overview of the modern threat landscape.

May 2022 Patch Tuesday provided the final releases for several Windows 10 operating systems and this month we'll see the final update for Internet Explorer 11. June 2022 Patch Tuesday forecast We hope to see a fix for CVE-2022-30190 in this month's operating systems updates.

Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931, which affected the safety of authentication in Windows. Ironically, the CVE-2022-26923 and CVE-2022-26931 bugs only seem to apply if you're using digital certificates for added authentication security.