
IT Security Newsletter


IT Security Newsletter - 9/14/2022

Top News

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products. READ MORE...

Breaches

Breach of software maker used to backdoor as many as 200,000 servers

FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig's systems to carry out a supply chain attack that infected customer systems with Rekoobe, a sophisticated backdoor discovered in June. READ MORE...

Software Updates

Trend Micro warns of actively exploited Apex One RCE vulnerability

Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible. Apex One is an endpoint security platform that provides businesses with automated threat detection and response against malicious tools, malware, and vulnerabilities. This flaw (CVE-2022-40139) enables attackers to execute arbitrary code remotely on systems running unpatched software. READ MORE...


Patch now! Microsoft issues critical security updates as PCs attacked through zero-day flaw

Windows users are once again being told to update their systems with the latest security patches from Microsoft, following the discovery of critical vulnerabilities - including ones which are already being exploited in the wild, or could be used to fuel a fast-spreading worm. In its latest "Patch Tuesday" update, Microsoft released patches which addressed over 60 security holes in its products, including five vulnerabilities which were ranked as "critical." READ MORE...


ICS Patch Tuesday: Siemens, Schneider Electric Fix High-Severity Vulnerabilities

Siemens and Schneider Electric have released their Patch Tuesday security advisories to inform customers about dozens of vulnerabilities affecting their industrial products. Siemens has released five new advisories describing a total of 37 patched vulnerabilities. One of the advisories covers third-party component flaws in the Sinec INS (Infrastructure Network Services) web-based application for managing network services. READ MORE...


Adobe Patches 63 Security Flaws in Patch Tuesday Bundle

Software maker Adobe has rolled out security fixes for at least 63 security vulnerabilities in a wide range of widely deployed Windows and macOS software products. As part of the scheduled September batch of Patch Tuesday updates, Adobe called attention to critical-rated bulletins affecting the Adobe Bridge, InDesign, Photoshop, InCopy, Animate and Illustrator software products. READ MORE...

Exploits/Vulnerabilities

Hackers now use 'sock puppets' for more realistic phishing attacks

An Iranian-aligned hacking group uses a new, elaborate phishing technique where they use multiple personas and email accounts to lure targets into thinking it's a realistic email conversation. Named 'multi-persona impersonation' (MPI) by researchers at Proofpoint who noticed it for the first time, the technique leverages the psychology principle of "social proof" to obscure logical thinking and add an element of trustworthiness to the phishing threads. READ MORE...


Zero-day in WPGateway WordPress plugin actively exploited in attacks

The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin. WPGateway is a WordPress plugin that allows admins to simplify various tasks, including setting up and backing up sites and managing themes and plugins from a central dashboard. This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges. READ MORE...


Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices

Researchers have discovered two potentially serious vulnerabilities in wireless LAN devices that they say are often used in airplanes. Researchers Thomas Knudsen and Samy Younsi of Necrum Security Labs identified the vulnerabilities in the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec, a Japan-based company that specializes in embedded computing, industrial automation, and IoT communication technology. READ MORE...

On This Date

  • ...in 1956, the IBM RAMAC 305 was introduced.
  • ...in 1959, the Soviet probe Luna 2 crashed onto the Moon, becoming the first man-made object to reach it.
  • ...in 1994, Major League Baseball canceled the 1994 season and the World Series.
  • ...in 2000, Microsoft introduced the last update to the OS MS-DOS (version 8.0).