Law enforcement authorities from 10 countries took down VPNLab[.]net, a VPN service provider used by ransomware operators and malware actors. The disruptive joint action was coordinated by Europol and took place on January 17, 2022. It involved simultaneous law enforcement actions in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom. READ MORE...
Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine's border and made subtle but far-reaching threats if Ukraine and NATO don't agree to Kremlin demands. Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services. READ MORE...
Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2022 Patch Tuesday. "Microsoft is releasing Out-of-band (OOB) updates today, January 18, 2022, for some versions of Windows," the company said. "This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount." READ MORE...
Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine. Tracked as CVE-2021-44757 and rated critical severity, the newly addressed security error is an authentication bypass issue that could allow a remote attacker to perform various actions on the server. READ MORE...
Oracle is preparing the release of nearly 500 new security patches with its Critical Patch Update (CPU) for January 2022. According to its pre-release announcement, the company has lined up 483 new patches for the first CPU of 2022, which is scheduled for Tuesday, January 18. Critical vulnerabilities will be patched in Oracle Essbase, Graph Server and Client, Secure Backup, Communications Applications, Communications, and more. READ MORE...
A vulnerability in Apple's implementation of the IndexedDB API in Safari 15 allows websites to track users' activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains. Used in all major browsers, IndexedDB is a low-level browser API for storing client data, which follows the same-origin policy, to restrict the interaction of resources that have different origins. READ MORE...
The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users. Most importantly, the app's encryption system carries a significant flaw that enables middle-men to access documents, audio, and files in cleartext form. 'My 2022' is also subject to censorship based on a list of keywords and has an unclear privacy policy that doesn't determine who exactly receives and processes all the sensitive data users have to upload to it. READ MORE...