Microsoft today released patches for 84 vulnerabilities across its product categories, including one bug now actively exploited and four that the company rated as critical severity. The July security update also includes fixes for four elevation of privilege vulnerabilities in the company's perennially buggy Windows Print Spooler technology, and more than 30 bugs in its Azure Site Recovery disaster recovery service. READ MORE...
On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they're protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees into sending the hackers money. READ MORE...
A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. The gang received the name Luna Moth and has been active since at least March in phishing campaigns that delivered remote access tools (RAT) that enable the corporate data theft. The Incident Response team at cybersecurity company Sygnia has been tracking the activity of the Luna Moth ransom group. READ MORE...
Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the affected versions. This vulnerability (tracked as CVE-2021-22048 and reported by CrowdStrike's Yaron Zinar and Sagi Sheinfeld) also affects VMware's Cloud Foundation hybrid cloud platform deployments. READ MORE...
German software maker SAP on Tuesday announced the release of 20 new security notes and three updates to previous security notes as part of its July 2022 Security Patch Day. Of the new security notes, four deal with high-severity vulnerabilities, one impacting SAP BusinessObjects and three found in Business One. The most severe of these issues is CVE-2022-35228, an information disclosure vulnerability in the central management console of the BusinessObjects Business Intelligence Platform. READ MORE...
Software maker Adobe has rolled out a major security update for its flagship Acrobat and Reader products to fix at least 22 documented vulnerabilities, some serious enough to cause arbitrary code execution attacks. The patches, available for Adobe Acrobat and Reader for Windows and macOS, headline a busy Patch Tuesday rollout that also includes fixes for serious flaws in Adobe Photoshop, Adobe RoboHelp and Adobe Character Animator. READ MORE...
Cybercriminals are posing as Intuit's popular accounting software package QuickBooks to target Google Workspace and Microsoft 365 small business users in a voice-phishing scam. The campaign sends a false invoice via email containing a claim that a credit card has already been charged for an order. In order to dispute the charge, victims are directed to call the number included in the email, according to researchers with INKY. READ MORE...