Security News

Microsoft shares temp fix for ongoing Office 365 zero-day attacks
2021-09-07 19:36

Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. Microsoft is aware of targeted attacks that try to exploit the vulnerability by sending specially-crafted Microsoft Office documents to potential victims, the company says in an advisory today.

Kaseya patches Unitrends server zero-days, issues client mitigations
2021-08-26 15:10

American software company Kaseya has issued a security update to patch server-side Kaseya Unitrends zero-day vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure. Kaseya Unitrends is a cloud-based enterprise backup and recovery solution provided as a stand-alone solution or an add-on for Kaseya's VSA remote management platform.

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group
2021-08-24 22:11

A previously undisclosed "Zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.

Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day
2021-08-24 17:51

A never-before-seen, zero-click iMessaging exploit has been allegedly used to illegally spy on Bahraini activists with NSO Group's Pegasus spyware, according to cybersecurity watchdog Citizen Lab. The digital researchers are calling the new iMessaging exploit FORCEDENTRY. In a report published on Tuesday, researchers said that they've identified nine Bahraini activists whose iPhones were inflicted with Pegasus spyware between June 2020 and February 2021.

Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers
2021-08-19 07:08

In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process."

Fortinet delays patching zero-day allowing remote server takeover
2021-08-17 13:00

Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall until the end of August. They have abused the CVE-2018-13379 Fortinet SSL VPN vulnerability to compromise Internet-exposed U.S. election support systems, with Fortinet warning customers to patch the flaw in August 2019, July 2020, November 2020, and again in April 2021.

Trend Micro Confirms In-the-Wild Zero-Day Attacks
2021-08-12 17:35

Security vendor Trend Micro has issued a warning for in-the-wild zero-day attacks hitting customers using its Apex One and Apex One as a Service products. In a security bulletin released quietly on July 28, Trend Micro rolled out patches for at least four documented vulnerabilities alongside a warning that malicious attackers are already launching exploits against two of the security defects.

Microsoft Warns: Another Unpatched PrintNightmare Zero-Day
2021-08-12 13:19

One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution vulnerability in the Windows Print Spooler. On Thursday, CERT/CC issued more details on the issue, explaining that it arises from an oversight in signature requirements around the "Point and Print" capability, which allows users without administrative privileges to install printer drivers that execute with SYSTEM privileges via the Print Spooler service.

Microsoft confirms another Windows print spooler zero-day bug
2021-08-11 22:10

Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. This vulnerability is part of a class of bugs known as 'PrintNightmare,' which abuses configuration settings for the Windows print spooler, print drivers, and the Windows Point and Print feature.