This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products. READ MORE...
FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig's systems to carry out a supply chain attack that infected customer systems with Rekoobe, a sophisticated backdoor discovered in June. READ MORE...
Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible. Apex One is an endpoint security platform that provides businesses with automated threat detection and response against malicious tools, malware, and vulnerabilities. This flaw (CVE-2022-40139) enables attackers to execute arbitrary code remotely on systems running unpatched software. READ MORE...
Windows users are once again being told to update their systems with the latest security patches from Microsoft, following the discovery of critical vulnerabilities - including ones which are already being exploited in the wild, or could be used to fuel a fast-spreading worm. In its latest "Patch Tuesday" update, Microsoft released patches which addressed over 60 security holes in its products, including five vulnerabilities which were ranked as "critical." READ MORE...
Siemens and Schneider Electric have released their Patch Tuesday security advisories to inform customers about dozens of vulnerabilities affecting their industrial products. Siemens has released five new advisories describing a total of 37 patched vulnerabilities. One of the advisories covers third-party component flaws in the Sinec INS (Infrastructure Network Services) web-based application for managing network services. READ MORE...
Software maker Adobe has rolled out security fixes for at least 63 security vulnerabilities in a wide range of widely deployed Windows and macOS software products. As part of the scheduled September batch of Patch Tuesday updates, Adobe called attention to critical-rated bulletins affecting the Adobe Bridge, InDesign, Photoshop, InCopy, Animage and Illustrator software products. READ MORE...
An Iranian-aligned hacking group uses a new, elaborate phishing technique where they use multiple personas and email accounts to lure targets into thinking its a realistic email conversation. Named 'multi-persona impersonation' (MPI) by researchers at Proofpoint who noticed it for the first time, the technique leverages the psychology principle of "social proof" to obscure logical thinking and add an element of trustworthiness to the phishing threads. READ MORE...
The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin. WPGateway is a WordPress plugin that allows admins to simplify various tasks, including setting up and backing up sites and managing themes and plugins from a central dashboard. This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges. READ MORE...
Researchers have discovered two potentially serious vulnerabilities in wireless LAN devices that they say are often used in airplanes. Researchers Thomas Knudsen and Samy Younsi of Necrum Security Labs identified the vulnerabilities in the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec, a Japan-based company that specializes in embedded computing, industrial automation, and IoT communication technology. READ MORE...