
IT Security Newsletter - 12/14/2022


Top News

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days, and an astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval. Fortunately, neither of the two zero-days can be exploited for what's known as RCE (remote code execution), so they don't give outside attackers a direct route into your network. READ MORE...

Breaches

Ransomware Group Threatens to Publish Data Stolen From California Department of Finance

Authorities in California have confirmed that a cybersecurity incident involving the Department of Finance is being investigated after a cybercrime group claimed to have stolen tens of gigabytes of files from its systems. The notorious LockBit ransomware group listed the California Department of Finance on its Tor-based leak website on Monday, threatening to publish 76Gb of stolen information unless a ransom is paid by December 24. READ MORE...

Hacking

Iranian hacking group expands focus to US politicians, critical infrastructure, researchers find

An Iranian hacking group previously thought to focus mainly on compromising academics, journalists and human rights workers now appears to have added U.S. politicians, critical infrastructure and medical researchers to its target list, according to the cybersecurity firm Proofpoint. The group known as TA453 has quietly added "outlier" attacks to its portfolio over the past two years, seemingly working more closely with Iranian state actors to carry out their bidding. READ MORE...

Software Updates

Hackers exploit critical Citrix ADC and Gateway zero day, patch now

Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. This new vulnerability allows an unauthenticated attacker to execute commands remotely on vulnerable devices and take control of them. Citrix is warning admins to install the latest update "as soon as possible" as the vulnerability is actively exploited in attacks. READ MORE...


SAP's December 2022 Security Updates Patch Critical Vulnerabilities

German software maker SAP this week announced the release of 14 new and five updated security notes as part of its December 2022 Security Patch Day, including four notes that address critical vulnerabilities in Business Client, BusinessObjects, NetWeaver, and Commerce. With a CVSS score of 10, the most severe of SAP's security notes updates a note released on the April 2018 Patch Day, which deals with software updates for the Chrome-based browser in SAP Business Client. READ MORE...


ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches

Industrial giants Siemens and Schneider Electric have addressed over 140 vulnerabilities with their December 2022 Patch Tuesday updates. As usual, Siemens released far more advisories and addressed far more vulnerabilities. Specifically, the company released 20 new advisories addressing roughly 140 security holes. Schneider Electric has only released three new advisories covering six vulnerabilities. READ MORE...

Malware

Microsoft digital certificates have once again been abused to sign malware

Microsoft has once again been caught allowing its legitimate digital certificates to sign malware in the wild, a lapse that allows the malicious files to pass strict security checks designed to prevent them from running on the Windows operating system. Multiple threat actors were involved in the misuse of Microsoft's digital imprimatur, which they used to give Windows and endpoint security applications the impression malicious system drivers had been certified as safe by Microsoft. READ MORE...


New GoTrim botnet brute forces WordPress site admin accounts

A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. This compromise may lead to malware deployment, injection of credit card stealing scripts, hosting of phishing pages, and other attack scenarios, potentially impacting millions depending on the popularity of the breached sites. READ MORE...


Royal Ransomware Puts Novel Spin on Encryption Tactics

The Royal ransomware gang has quickly risen to the top of the ransomware food chain, demonstrating sophisticated tactics - including partial and rapid encryption - that researchers believe may reflect the years of experience its members honed as leaders of the now-defunct Conti Group. Royal ransomware operates around the world and reportedly on its own: the group does not appear to use affiliates through ransomware-as-a-service (RaaS), nor does it appear to target a specific sector or country. READ MORE...

On This Date

  • ...in 1900, Max Planck presents his quantum theory at the Physics Society in Berlin.
  • ...in 1940, Plutonium-238 is isolated by chemist Glenn Seaborg at the Lawrence Radiation Laboratory at UC Berkeley.
  • ...in 1960, a US Boeing B-52 bomber sets the record for a non-stop flight, going 10,000 miles without refueling.
  • ...in 2004, the Millau Viaduct, the world's tallest bridge, officially opens for traffic near Millau, France.