IT Security Newsletter

IT Security Newsletter - 3/28/2022

Written by Cadre | Mon, Mar 28, 2022

Critical Remote Code Execution Vulnerability in Sophos Firewall

Sophos on Friday announced the rollout of urgent patches for a critical authentication bypass vulnerability in the web portal of its Sophos Firewall product. Reported by an external researcher via the Sophos bug bounty program, the vulnerability is tracked as CVE-2022-1040 and impacts Sophos Firewall v18.5 MR3 (18.5.3) and older releases. The issue, the security solutions provider explains, can be exploited by a remote attacker to achieve code execution on a vulnerable system.

Update now! Google releases emergency patch for Chrome zero-day used in the wild

Google has urged its 3 billion+ users to update to Chrome version 99.0.4844.84 for Mac, Windows, and Linux to mitigate a zero-day that is currently being exploited in the wild. This is in response to a bug reported by an anonymous security researcher last week. The flaw, which is tracked as CVE-2022-1096, is a "Type Confusion in V8" and is rated as high severity, meaning that it's necessary for everyone using Chrome to update as quickly as possible because of the damage attackers could cause.

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide. Maksim Berezan, 37, is an Estonian national who was arrested nearly two years ago in Latvia. U.S. authorities alleged Berezan was a longtime member of DirectConnection, a closely-guarded Russian cybercriminal forum.

German Authorities Seize Spyware Firm FinFisher's Accounts

German authorities have seized accounts belonging to the spyware company FinFisher amid an investigation into whether it broke export laws by selling its products to authoritarian governments. Munich prosecutors confirmed Monday that the company's accounts were impounded, though the measure will have no immediate effect because FinFisher is undergoing insolvency proceedings.

Western Digital fixes critical bug giving root on My Cloud NAS devices

Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. This flaw is an out-of-bounds heap read/write (tracked as CVE-2021-44142) in the Samba vfs_fruit VFS module. It can be exploited by unauthenticated threat actors in low complexity attacks targeting My Cloud devices running vulnerable firmware versions.

CISA adds 66 vulnerabilities to list of bugs exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities.' These flaws have been observed in real cyberattacks against organizations, so they are published to raise awareness among system administrators and serve as official advisories for applying the corresponding security updates.

  • ...in 1928, Polish-American political scientist and former National Security Advisor Zbigniew Brzezinski is born in Warsaw, Poland.
  • ...in 1930, Turkey changes the name of its largest city, Constantinople, to Istanbul.
  • ...in 1969, former President and five-star general Dwight D. Eisenhower dies of congestive heart failure.
  • ...in 1979, a coolant leak at the Three Mile Island nuclear power plant near Harrisburg, PA results in a partial meltdown.
  • ...in 1986, singer-songwriter/actress Stefani Germanotta, aka Lady Gaga, is born in New York City.