IT Security Newsletter - 2/9/2022
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
Oh, blessed day: Microsoft's Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches - none of them rated critical. For February, Microsoft's releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code and Microsoft Teams.
New York couple accused of laundering cryptocurrency from $4.5 billion Bitfinex hack
Federal law enforcement arrested a Manhattan couple Tuesday for allegedly conspiring to launder $4.5 billion worth of cryptocurrency stolen in a 2016 hack of virtual cryptocurrency exchange Bitfinex. The Department of Justice said it so far has seized more than $3.6 billion in cryptocurrency tied to the hack, its largest recovery to date. The complaint accuses Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, of laundering the money over a course of five years.
FBI warns of criminals escalating SIM swap attacks to steal millions
The Federal Bureau of Investigation (FBI) says criminals have escalated SIM swap attacks to steal millions by hijacking victims' phone numbers. The number of complaints received from the US public since 2018 and reported losses have increased almost fivefold, according to reports received by the FBI through the Internet Crime Complaint Center (IC3) in 2021.
ICS Patch Tuesday: Siemens, Schneider Electric Address Nearly 50 Vulnerabilities
Industrial giants Siemens and Schneider Electric released a total of 15 advisories on Tuesday to address nearly 50 vulnerabilities discovered in their products. Siemens has released nine advisories addressing 27 vulnerabilities. Based on CVSS score, the most important, with a "critical" severity rating, is CVE-2021-45106. Schneider Electric has published six advisories describing 20 vulnerabilities. A total of eight issues have been found in the Interactive Graphical SCADA System (IGSS).
Update now! Firefox and Adobe updates are more critical than Microsoft's
The most critical updates for this "Patch Tuesday" come from Firefox and Adobe. While Microsoft addresses 70 vulnerabilities in its February 2022 Patch Tuesday release, none of them are ranked as critical. Firefox and Adobe, however, have fixed a few issues that could be qualified as critical. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database.
Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch
The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12. That bug, CVE-2021-39675, is present in the mobile OS's System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and "with no additional execution privileges needed," as Google cryptically put it.
Fake Windows 11 upgrade installers infect you with RedLine malware
Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. The timing of the attacks coincides with the moment that Microsoft announced Windows 11's broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation's success.
Critical Flaws Expose Mimosa Wireless Broadband Devices to Remote Attacks
A researcher has discovered several critical vulnerabilities in wireless broadband products made by Mimosa Networks. The flaws can expose affected devices to remote attacks. Mimosa, a division of Airspan, provides wireless broadband solutions that can be used to connect dense urban homes, as well as hard-to-reach rural homes. Four of the security holes have been assigned a severity rating of "critical," including issues that can be exploited for remote code execution.
Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks
A technique that threat actors first used some 20 years ago to trick users into executing malicious files appears to be making a comeback. Security vendor Vade on Tuesday said its researchers had spotted more than 400 attacks in the past two weeks employing the method - called right-to-left override (RLO) - in a phishing campaign targeting Microsoft 365 users. Just two out of 58 malware detection tools on VirusTotal were able to detect the threat, Vade said.
- ...in 1964, the Beatles make their first appearance on the Ed Sullivan Show, performing for 73 million viewers across the USA.
- ...in 1971, Satchel Paige becomes the first player from the Negro Leagues to be voted into the Baseball Hall of Fame.
- ...in 1986, Halley's Comet last appeared in the inner Solar System.
- ...in 1987, actor Michael B. Jordan ("Black Panther", "Fruitvale Station") is born in Santa Ana, CA.