Oh, blessed day: Microsoft's Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches - none of them rated critical. For February, Microsoft's releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code and Microsoft Teams. READ MORE...
Federal law enforcement arrested a Manhattan couple Tuesday for allegedly conspiring to launder $4.5 billion worth of cryptocurrency stolen in a 2016 hack of virtual cryptocurrency exchange Bitfinex. The Department of Justice said it so far has seized more than $3.6 billion in cryptocurrency tied to the hack, its largest recovery to date. The complaint accuses Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31 of laundering the money over a course of five years. READ MORE...
The Federal Bureau of Investigation (FBI) says criminals have escalated SIM swap attacks to steal millions by hijacking victims' phone numbers. The number of complaints received from the US public since 2018 and reported losses have increased almost fivefold, according to reports received by the FBI through the Internet Crime Complaint Center (IC3) in 2021. READ MORE...
Industrial giants Siemens and Schneider Electric released a total of 15 advisories on Tuesday to address nearly 50 vulnerabilities discovered in their products. Siemens has released nine advisories addressing 27 vulnerabilities. Based on CVSS score, the most important, with a "critical" severity rating, is CVE-2021-45106. Schneider Electric has published six advisories describing 20 vulnerabilities. A total of eight issues have been found in the Interactive Graphical SCADA System (IGSS). READ MORE...
The most critical updates for this "Patch Tuesday" come from Firefox and Adobe. While Microsoft addresses 70 vulnerabilities in its February 2022 Patch Tuesday release, none of them are ranked as critical. Firefox and Adobe however have fixed a few issues that could be qualified as critical. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. READ MORE...
The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12. That bug, CVE-2021-39675, is present in the mobile OS's System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and "with no additional execution privileges needed," as Google cryptically put it. READ MORE...
Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. The timing of the attacks coincides with the moment that Microsoft announced Windows 11's broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize their operation's success. READ MORE...
A researcher has discovered several critical vulnerabilities in wireless broadband products made by Mimosa Networks. The flaws can expose affected devices to remote attacks. Mimosa, a division of Airspan, provides wireless broadband solutions that can be used to connect dense urban homes, as well as hard-to-reach rural homes. Four of the security holes have been assigned a severity rating of "critical," including issues that can be exploited for remote code execution. READ MORE...
A technique that threat actors first used some 20 years ago to trick users into executing malicious files appears to be making a comeback. Security vendor Vade on Tuesday said its researchers had spotted more than 400 attacks in the past two weeks employing the method - called right-to-left override (RLO) - in a phishing campaign targeting Microsoft 365 users. Just two out of 58 malware detection tools on VirusTotal were able to detect the threat, Vade said. READ MORE...