APT37 using South Korea stampede themed lure to exploit new IE zero-day flaw
Microsoft patched flaw after Google TAG researchers reported it to the company in October. Microsoft has patched a zero-day vulnerability in Internet Explorer’s Jscript engine after researchers from Google’s Threat Analysis Group (TAG) informed the company about seeing North Korea’s APT37 group using it in attacks against South Korean targets. The zero-day flaw (CVE-2022-41128) stems […]
Read MoreMagecart actors ramp up exploit attempts against Magento/Adobe Commerce vulnerability
Sansec says it has observed more probes in November against the now-patched zero-day flaw (CVE-2022-24086) than the rest of the year combined. Seven threat groups affiliated with the Magecart cybercrime syndicate have begun heavily targeting a critical, arbitrary code execution vulnerability in the Magento 2 and Adobe Commerce platform that powers tens of thousands of […]
Read More7 vulnerabilities that federal agencies MUST address by Nov 29
Four of the vulnerabilities are Windows zero-day bugs that Microsoft disclosed in its November security update; three affect Samsung mobile devices. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive 22-01 issued in Nov. 2021 requires all federal civilian executive branch agencies to address software bugs that are listed in CISA’s Known Exploited […]
Read MoreNSA recommends organizations make strategic shift to memory-safe languages
Programming languages such as C and C++ rely too heavily on the programmer not making memory-related mistakes, agency says [300 words]. What: NSA says organizations should consider making a strategic shift from programming languages such as C/C++ to “memory-safe” languages such as C#, Go, Java, Ruby and Swift. With these languages, memory management does not […]
Read MoreCitrix discloses critical authentication bypass flaw; two other vulnerabilities
Organizations should update as soon as possible. If past is precedent, new CVE-2022-27510 flaw could be heavily targeted [286 words]. What: A critical authentication bypass vulnerability (CVE-2022-27510) is present in multiple versions of Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability has a severity rating of 9.8 and gives attackers a way […]
Read MoreHere’s what you need to know of the 4 zero-days in Microsoft’s Nov. update
Microsoft issued patches for of 62 vulnerabilities, nine of which are “Critical” severity and 53 “Important”. Four of the vulnerabilities in Microsoft November 2022 security update are zero-day flaws that are being actively exploited [300 words]. Here’s what you need to know about them: Windows MoTW Bypass Vulnerability (CVE-2022-41091) • Impacts multiple Windows versions including […]
Read MoreVMware patches critical authorization bypass vulnerability in Spring Security
A critical authorization rules bypass vulnerability exists in Spring Security versions 5.7.0 to 5.7.4 and versions 5.6.0 to 5.6.8. The vulnerability gives attackers a way to potentially bypass an API gateway and access backend services with a simple “forward” [299 words]. What: VMware released Spring Security 5.6.9 and 5.7.5 on October 31 to fix the […]
Read More5 things to know about the bugs patched in OpenSSL version 3.0.7
The first: This isn’t Heartbleed redux [298 words]. What bugs were fixed: OpenSSL version 3.0.7 fixes two “high” severity vulnerabilities in OpenSSL versions 3.0.0 to 3.0.6. The vulnerabilities are CVE-2022-3786 an X.509 Email Address Variable Length Buffer Overflow and CVE-2022-3602, an X.509 Email Address 4-byte Buffer Overflow. The bugs are tied to a punycode decoding […]
Read MoreFive useful lists and tools for identifying resources with vulnerable OpenSSL in them
The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open source, command-line toolkit [184 words]. Five useful tools and lists for keeping on top of the OpenSSL vulnerability to be disclosed Nov 1. […]
Read MoreConnectWise patches critical flaw in its Recover and R1Soft Server Backup Manager technology
Vulnerability gives attackers a way to target thousands of MSPs and their downstream customers. Company urges customers to treat issue as a top priority [298 words]. What: ConnectWise has patched a critical, remote code execution vulnerability in its ConnectWise Recover and R1Soft Server Backup Manager (SBM) software. The flaw exists in ConnectWise Recover SBM v2.9.7 […]
Read More