Security News

PrintNightmare, the zero-day hole in Windows – here’s what to do
2021-06-30 21:24

For details about the emergency patch released by Microsoft on 2021-07-06, please see: PrintNightmare official patch is out - update now! You'll also hear and see the flaw referred to as the Print Spooler bug, based on the headline on Microsoft's security update guide that describes the flaw as a Windows Print Spooler Vulnerability.

Zero-Day Used to Wipe My Book Live Devices
2021-06-30 16:08

The company is also planning to offer a trade-in program to get customers onto the cloud - specifically, onto a supported My Cloud device - and off of old My Book Live and My Book Live Duo devices, an indeterminate number of which were remotely eviscerated in an attack that exploited what turns out to have been a zero-day vulnerability. Besides the unauthenticated factory-reset operation, Western Digital said that the firmware for My Book Live is also vulnerable to a remotely exploitable command-injection vulnerability when the device has remote access enabled.

Zero-Day Vulnerability Exploited in Recent Attacks on WD Storage Devices
2021-06-30 12:48

Western Digital on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage devices involved the exploitation of a zero-day vulnerability. The attacks came to light last week, with many owners of My Book Live and My Book Live Duo devices reporting on the WD Community forum that a factory reset had been initiated on their devices, which resulted in all files being erased.

Hackers use zero-day to mass-wipe My Book Live devices
2021-06-29 21:28

A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. A report by Censys CTO Derek Abdine revealed that the latest firmware for My Book Live devices contained a zero-day vulnerability that allowed a remote attacker to perform factory resets on Internet-connected devices.

Zero day malware reached an all-time high of 74% in Q1 2021
2021-06-29 05:00

74% of threats detected in Q1 2021 were zero day malware - that is, malware that a signature-based antivirus solution did not detect at the time of its release - capable of circumventing conventional antivirus solutions, according to WatchGuard. The report also covers new threat intelligence on rising network attack rates, how attackers are trying to disguise and repurpose old exploits, the quarter's top malware attacks, and more.

Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
2021-06-22 16:17

Lexmark printers - those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government - have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which can lead to arbitrary code execution. Beyond known security vulnerabilities, Lexmark printers have in the past been prone to a trivial hack thanks to what researchers have called "gross negligence" on the part of users.

Google Confirms Sixth Zero-Day Chrome Attack in 2021
2021-06-17 20:52

Google's ongoing struggles with in-the-wild zero-day attacks against its flagship Chrome browser aren't going away anytime soon. For the sixth time this year, the search giant shipped a Chrome point-update to fix code execution holes that the company says are already being exploited by malicious hackers.

Google fixes seventh Chrome zero-day exploited in the wild this year
2021-06-17 19:50

Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild. Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > 'About Google Chrome'.

Apple fixes ninth zero-day bug exploited in the wild this year
2021-06-15 10:39

Apple has fixed two iOS zero-day vulnerabilities that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices. WebKit is a browser rendering engine used by Apple web browsers and applications to render HTML content on desktop and mobile platforms, including iOS, macOS, tvOS, and iPadOS. Attackers could exploit the two vulnerabilities using maliciously crafted web content that would trigger arbitrary code execution after being loaded by the targets on unpatched devices.

Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild
2021-06-15 03:08

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with fixes for three security bugs, including a memory corruption issue in ASN.1 decoder and two flaws concerning its WebKit browser engine that could be abused to achieve remote code execution.