Security News
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Cybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw in attacks late last year.
Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day. Siemens on Tuesday published several advisories related to NAME:WRECK: one advisory to describe two out-of-bounds write flaws that can lead to code execution or DoS attacks, another advisory for a DNS cache poisoning issue, one advisory for two DoS vulnerabilities, and two advisories for the same four DoS and DNS cache poisoning flaws.
Microsoft today released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. The flaws affect on-premises Exchange Server versions 2013 through 2019, and while there is no evidence of exploitation in the wild, Microsoft assesses that threat actors are likely to leverage them as soon as they create an exploit.
Adobe on Tuesday announced patches for vulnerabilities in four of its products, including critical code execution flaws affecting Photoshop and Bridge. In Photoshop, the company fixed two critical buffer overflow bugs that can be exploited for arbitrary code execution in the context of the targeted user.
Adobe has released security updates that address vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. In total, the company addressed ten security vulnerabilities affecting four products, seven of them rated critical because they allow arbitrary code execution or arbitrary file writes.
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. "These vulnerabilities relate to Domain Name System implementations, causing either Denial of Service or Remote Code Execution, allowing attackers to take target devices offline or to take control over them," the researchers said.
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. These vulnerabilities affect four popular TCP/IP stacks - namely FreeBSD, IPnet, Nucleus NET and NetX - which are commonly present in well-known IT software and popular IoT/OT firmware and have the potential to impact millions of IoT devices around the world. More than 180,000 devices in the U.S. and more than 36,000 devices in the UK are believed to be affected.
Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. It is not uncommon for DNS response packets to include the same domain name or a part of it more than once, so a compression mechanism exists to reduce the size of DNS messages.
Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. "The only way to do that is to adopt the attacker's perspective. With this perspective, teams can more effectively manage the vulnerabilities on the attack surface by deprioritizing 'high-severity' vulnerabilities that are of little adversarial value and prioritizing those that are likely to be weaponized. Hackers are looking for the path of least resistance, making them fairly predictable when you have a good amount of information about your attack surface from their perspective."
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation's FactoryTalk AssetCentre, an ICS-specific backup solution. Rockwell Automation's FactoryTalk AssetCentre is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information across industrial facilities.