Security News

CISA says multiple threat actors are exploiting the Windows 'PrintNightmare' vulnerability. The United States Cybersecurity and Infrastructure Security Agency on Tuesday issued Emergency Directive 21-04, which requires all federal agencies to apply the available patches for the recently disclosed Microsoft Print Spooler service vulnerability within one week.

The Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the flaw was being exploited in the wild.

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system. As discovered by CyberArk Labs security researchers, attackers can create custom USB devices that Windows Hello will work with to completely circumvent Windows Hello's facial recognition mechanism using a single valid IR frame of the target.

5G and 6G networks will have a significantly larger attack surface than their predecessors, thanks to innovations in IoT, virtualized networks, and open source technologies. As a result, companies should assess and improve their 5G and even 6G cyber readiness before these networks are widely available.

A vulnerability affecting some of Schneider Electric's Modicon programmable logic controllers can be exploited to bypass authentication mechanisms, allowing attackers to take complete control of the targeted device. It can be exploited by an unauthenticated attacker who has network access to the targeted PLC. The exploit chain demonstrated by Armis also involves several other vulnerabilities discovered over the past few years.

Government agencies in the United States and Australia warn organizations that a vulnerability affecting ForgeRock Access Management has been exploited in the wild. AM is based on the OpenAM open source solution, which ForgeRock sponsored until 2016.

Researchers at Armis discovered an authentication bypass vulnerability in Schneider Electric's Modicon programmable logic controllers that can lead to remote-code-execution. Modicon M580. The vulnerability, dubbed ModiPwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 and other models from the Modicon series.

A vulnerability discovered in Schneider Electric's Modicon programmable logic controllers, used in millions of devices worldwide, could allow a remote attacker to gain total and undetectable control over the chips, leading to remote code execution, malware installation and other security compromises. Discovered by security researchers at asset visibility and security vendor Armis, the vulnerability, dubbed Modipwn, is similar to the vulnerability that was leveraged by the Triton malware that targeted Schneider Electric safety controllers used in Saudi Arabian petrochemical plants.

Attackers are actively exploiting a critical, pre-authorization remote-code execution vulnerability in the popular Access Management platform from digital identity management firm ForgeRock. On Monday morning, the Cybersecurity and Infrastructure Security Agency warned that the vulnerability could enable attackers to execute commands in the context of the current user.

SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers. "Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," the company said in an advisory published on Friday.