IT Security Newsletter - 7/13/2022
Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now
Microsoft today released patches for 84 vulnerabilities across its product categories, including one bug now actively exploited and four that the company rated as critical severity. The July security update also includes fixes for four elevation of privilege vulnerabilities in the company's perennially buggy Windows Print Spooler technology, and more than 30 bugs in its Azure Site Recovery disaster recovery service. READ MORE...
Ongoing phishing campaign can hack you even when you're protected with MFA
On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they're protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees into sending the hackers money. READ MORE...
New 'Luna Moth' hackers breach orgs via fake subscription renewals
A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. The gang received the name Luna Moth and has been active since at least March in phishing campaigns that delivered remote access tools (RAT) that enable the corporate data theft. The Incident Response team at cybersecurity company Sygnia has been tracking the activity of the Luna Moth ransom group. READ MORE...
VMware patches vCenter Server flaw disclosed in November
Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the affected versions. This vulnerability (tracked as CVE-2021-22048 and reported by CrowdStrike's Yaron Zinar and Sagi Sheinfeld) also affects VMware's Cloud Foundation hybrid cloud platform deployments. READ MORE...
SAP Patches High-Severity Vulnerabilities in Business One Product
German software maker SAP on Tuesday announced the release of 20 new security notes and three updates to previous security notes as part of its July 2022 Security Patch Day. Of the new security notes, four deal with high-severity vulnerabilities, one impacting SAP BusinessObjects and three found in Business One. The most severe of these issues is CVE-2022-35228, an information disclosure vulnerability in the central management console of the BusinessObjects Business Intelligence Platform. READ MORE...
Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop
Software maker Adobe has rolled out a major security update for its flagship Acrobat and Reader products to fix at least 22 documented vulnerabilities, some serious enough to cause arbitrary code execution attacks. The patches, available for Adobe Acrobat and Reader for Windows and macOS, headline a busy Patch Tuesday rollout that also includes fixes for serious flaws in Adobe Photoshop, Adobe RoboHelp and Adobe Character Animator. READ MORE...
QuickBooks Vishing Scam Targets Small Businesses
Cybercriminals are posing as Intuit's popular accounting software package QuickBooks to target Google Workspace and Microsoft 365 small business users in a voice-phishing scam. The campaign sends a false invoice via email containing a claim that a credit card has already been charged for an order. In order to dispute the charge, victims are directed to call the number included in the email, according to researchers with INKY. READ MORE...
- ...in 1923, the Hollywood sign (which read "Hollywoodland" until 1949) is officially dedicated in Los Angeles.
- ...in 1940, actor Sir Patrick Stewart ("Star Trek: The Next Generation", "X-Men") is born in Yorkshire, England.
- ...in 1942, actor Harrison Ford ("Raiders of the Lost Ark", "Star Wars") is born in Chicago, IL.
- ...in 1973, Queen release their self-titled debut album.