Security News

If you breathed a sigh of relief after dealing with the Log4j vulnerability last year, here's some bad news. There are further equally nasty zero-day vulnerabilities to come, so now is not the time to relax.

We don't know what we don't know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage. With the element of surprise on an attacker's side, it can feel like security teams are at a total loss when it comes to these types of threats, but that doesn't mean there aren't steps that can be taken to prepare for such an attack.

A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server. According to the 0patch team, which has been unofficially providing fixes for discontinued Windows versions and for some vulnerabilities that Microsoft won't address, the flaw is still a zero-day.

Mobile security company Zimperium has released its annual mobile threat report, in which the security trends and discoveries of the past year lay the groundwork for predicting what's coming in 2022. In 2021, threat actors focused more on remote-workforce and on-premises mobile devices, leading to increased malicious network scans and man-in-the-middle attacks.

A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply devices from APC, a subsidiary of Schneider Electric. UPS devices act as emergency power backup solutions and are present in mission-critical environments such as data centers, industrial facilities, and hospitals.

Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update - only three of which are rated critical in severity. Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild.

Today is Microsoft's March 2022 Patch Tuesday, and with it come fixes for a total of 71 flaws, including three zero-day vulnerabilities. Three of the 71 are classified as Critical because they allow remote code execution.

The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies to patch, within the next two weeks, two critical Firefox security vulnerabilities that are being exploited in attacks. Under a binding operational directive issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies are required to secure their systems against these vulnerabilities, and CISA has given them until March 21st to apply the patches.

Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero-days. The first bug addressed by Mozilla, CVE-2022-26485, is a use-after-free problem in the browser's XSLT parameter processing.

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities exploited by attackers in the wild. CVE-2022-26485 affects XSLT parameter processing and can be used to achieve remote code execution within the context of the application.
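Meeting a patch deadline like the one CISA set above means being able to tell, from an inventory of installed versions, which desktop Firefox builds still need the out-of-band update. The following is an added example, not code from any of the news items or from Mozilla. It assumes the minimum fixed versions published in Mozilla's advisory for this release (97.0.2 for the release channel, 91.6.1 for ESR); those numbers are not stated on this page and should be checked against the advisory before use. It covers desktop Firefox only; Firefox for Android, Focus and Thunderbird have separate fixed versions.

```python
"""Triage an inventory of Firefox version strings against the fixed versions
for CVE-2022-26485 and the second flaw shipped with it.

Added example, not from the original page or from Mozilla. The thresholds
below are an assumption taken from Mozilla's March 2022 out-of-band advisory;
verify them before relying on this check.
"""
import re

# ASSUMED minimum fixed versions per desktop channel (not stated on the page).
FIXED_VERSIONS = {
    "release": (97, 0, 2),
    "esr": (91, 6, 1),
}

# Accepts the raw output of `firefox --version` ("Mozilla Firefox 97.0.2"),
# about:support-style strings ("91.6.1esr") and bare version numbers.
_VERSION_RE = re.compile(r"^(?:mozilla firefox\s+)?(\d+(?:\.\d+)*)(esr)?$")


def parse_version(s):
    """Return (channel, numeric tuple), e.g. ('esr', (91, 6, 1)).

    The ESR channel is detected only from the 'esr' suffix; a bare number is
    treated as the release channel, which is the conservative choice because
    the release threshold is higher.
    """
    m = _VERSION_RE.match(s.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Firefox version string: {s!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    channel = "esr" if m.group(2) else "release"
    return channel, nums


def _pad(t, n):
    # "98.0" and "98.0.0" must compare equal, so pad the shorter tuple with zeros.
    return t + (0,) * (n - len(t))


def is_patched(version_string, fixed=FIXED_VERSIONS):
    """True if the build is at or above the fixed version for its channel."""
    channel, nums = parse_version(version_string)
    need = fixed[channel]
    n = max(len(nums), len(need))
    return _pad(nums, n) >= _pad(need, n)


def triage(inventory, fixed=FIXED_VERSIONS):
    """Map {host: version string} to a list of (host, version, status)."""
    rows = []
    for host, ver in inventory.items():
        try:
            status = "ok" if is_patched(ver, fixed) else "PATCH REQUIRED"
        except ValueError:
            status = "unknown version format"
        rows.append((host, ver, status))
    return rows


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "ws-001": "Mozilla Firefox 97.0.2",
    "ws-002": "97.0.1",
    "srv-kiosk": "91.6.1esr",
    "srv-legacy": "91.5.0esr",
    "ws-003": "98.0",
    "ws-004": "Firefox (unknown)",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {ver:24} {status}")
```

The channel split is the part that matters in practice: ESR builds carry lower version numbers than the release channel but were fixed separately, so a naive "is it at least 97.0.2" check would flag every fully patched ESR install and hide nothing about unpatched ones. A string without the `esr` suffix is deliberately judged against the release threshold so that an ambiguous inventory entry errs toward "patch required".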