IT Security Newsletter - 11/14/2022

Written by Cadre | Mon, Nov 14, 2022

Foxit Patches Several Code Execution Vulnerabilities in PDF Reader

Popular PDF document reader Foxit Reader has been updated to address multiple use-after-free security bugs that could be exploited for arbitrary code execution. The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application's attack surface.

Ukraine says Russian hacktivists use new Somnia ransomware

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems. The Computer Emergency Response Team of Ukraine (CERT-UA) has confirmed the outbreak via an announcement on its portal, attributing the attacks to 'From Russia with Love' (FRwL), also known as 'Z-Team,' whom they track as UAC-0118.

Windows Kerberos authentication breaks after November updates

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos sign-in failures and other authentication problems after installing cumulative updates released during this month's Patch Tuesday. Kerberos has replaced the NTLM protocol as the default authentication protocol for domain-connected devices on all Windows versions above Windows 2000.

CISA warns unpatched Zimbra users to assume breach

Multiple threat actors are launching attacks against unpatched users of Zimbra Collaboration Suite, a business productivity software and email platform, the Cybersecurity and Infrastructure Security Agency said in a warning Thursday.

Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors

A vulnerability in a series of popular digital door-entry systems offered by Aiphone can enable hackers to breach the entry systems - simply by utilizing a mobile device and a near-field communication, or NFC, tag. The devices in question (GT-DMB-N, GT-DMB-LVN, and GT-DB-VN) are used by high-profile customers, including the White House and the United Kingdom's Houses of Parliament.

LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover

LiteSpeed Web Server vulnerabilities discovered by researchers at Palo Alto Networks can be exploited to take complete control of a targeted server. The security holes were discovered during an audit of OpenLiteSpeed, the open source version of the LiteSpeed performance-focused web server made by LiteSpeed Technologies. Both versions are impacted by the vulnerabilities and they have been patched with the release of OpenLiteSpeed 1.7.16.1 and LiteSpeed 6.0.12.

  • ...in 1851, Herman Melville's "Moby-Dick" is first published in the US.
  • ...in 1960, Ruby Bridges becomes the first Black child to attend a previously all-white elementary school in Louisiana.
  • ...in 1967, physicist Theodore Maiman is granted a patent for the first-ever laser, using a synthetic ruby crystal to create a coherent light beam.
  • ...in 1969, Apollo 12 is launched. It is the second crewed mission to the surface of the Moon.