Security News

February 2022 Patch Tuesday forecast: A rough start for 2022January 2022 Patch Tuesday was a rough one for Microsoft - and us. Samba bug may allow code execution as root on Linux machines, NAS devicesA critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations.

A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. Threat actors can exploit the vulnerability by loading a malicious Kubernetes Helm Chart YAML file onto the target system, allowing the extraction of sensitive information from other applications.

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session.

A cross-site scripting vulnerability in the Zimbra email platform is currently actively exploited in attacks targeting European media and government organizations. Zimbra is an email and collaboration platform that also includes instant messaging, contacts, video conferencing, file sharing, and cloud storage capabilities.

Six months after LibreOffice 7.2, version 7.3 is out with faster and more accurate file importing and rendering for improved compatibility with Microsoft Office. The new release is the latest "Fresh" version.

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution vulnerability in version 5.0.4 and older. The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.

Linux users on Tuesday got a major dose of bad news - a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes.

Given the rapidly increasing complexity of today's cyber threat landscape, these scanners are not enough to win the fight against an increasingly overwhelming volume of vulnerability alerts. Yes, vulnerability scanners are needed in most security toolkits.

PolKit vulnerability can give attackers root on many Linux distrosA memory corruption vulnerability in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges. Attackers connect rogue devices to organizations' network with stolen Office 365 credentialsAttackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations' network by registering it with their Azure AD. Stealthy Excel malware putting organizations in crosshairs of ransomware gangsThe HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses and individuals to data theft and destructive ransomware attacks.

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. The vulnerability affects all supported support versions of Windows 10 before the January 2022 Patch Tuesday updates.