Security News

Microsoft has suspended free trials of their newly launched Windows 365 Cloud PC service after running out of available servers. Windows 11's October 2021 release date hinted in support docs.

Microsoft has suspended free trials of their newly launched Windows 365 Cloud PC service after running out of available servers. Windows 11's October 2021 release date hinted in support docs.

SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access 100 series appliances to patch an actively exploited zero-day vulnerability. Which specializes in firewalls and other cybersecurity solutions, previously told SecurityWeek that a few thousand devices are exposed to attacks due to the vulnerability.

SonicWall has released a patch for the zero-day vulnerability used in attacks against the SMA 100 series of remote access appliances. On January 22nd, SonicWall disclosed that their internal systems were attacked using a zero-day vulnerability in the SMA 100 series of SonicWall networking devices.

Apple's macOS Big Sur operating system and multiple Cisco products are also affected by the recently disclosed major security flaw in the Sudo utility. The vulnerability was patched in Sudo 1.9.5p2. Researchers at cybersecurity firm Qualys, who discovered the bug, only tested it on several Linux distributions, such as Debian, Fedora, and Ubuntu, but did warn that most Unix- and Linux-based systems are likely affected by the vulnerability.

SonicWall on Monday confirmed that its Secure Mobile Access 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks. SonicWall told SecurityWeek that a few thousand devices are exposed to attacks due to the zero-day vulnerability.

"This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine," the researchers said in a Friday advisory. NTLM relay attacks are a kind of man-in-the-middle attacks that typically permit attackers with access to a network to intercept legitimate authentication traffic between a client and a server and relay these validated authentication requests in order to access network services.

"Serious" vulnerability found in Libgcrypt, GnuPG's cryptographic libraryLibgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard free encryption software, has a "Severe" security vulnerability and should not be used, warned Werner Koch. Sudo vulnerability allows attackers to gain root privileges on Linux systemsA vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host.

Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard free encryption software, has a "Severe" security vulnerability and should not be used, warned Werner Koch. Libgcrypt is a general purpose cryptographic library used by GnuPG, but some other encryption software also employ it.

A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system. Windows 10 v20H2, 32/64bit, updated with January 2021 updates.