Microsoft’s massive Patch Tuesday rollout this month included fixes for multiple high-severity vulnerabilities impacting the Azure Site Recovery service.
Microsoft Releases Open Source Toolkit for Generating SBOMs
Software giant Microsoft has open-sourced its internal tool for generating SBOMs (software bills of materials) as part of a move to help organizations be more transparent about supply chain relationships between components used when building a software product.
Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day
Microsoft has issued an urgent Patch Tuesday bulletin to warn of in-the-wild zero-day exploitation of a privilege escalation flaw in the Windows operating system.
Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop
Software maker Adobe has rolled out a major security update for its flagship Acrobat and Reader products to fix at least 22 documented vulnerabilities, some serious enough to cause arbitrary code execution attacks.
Free Decryptors Released for AstraLocker Ransomware
Cybersecurity firm Emsisoft has released free decryptor tools for AstraLocker, a “smash-and-grab” ransomware family that was recently retired.
OpenSSL Patches Remote Code Execution Vulnerability
OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks.
The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code execution attacks on unpatched server-side SSL/TLS devices.
US, UK Leaders Raise Fresh Alarms About Chinese Espionage
The head of the FBI and the leader of Britain’s domestic intelligence agency raised alarms Wednesday about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.
Apple Adds ‘Lockdown Mode’ to Thwart .Gov Mercenary Spyware
Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.
Researchers Flag ‘Significant Escalation’ in Software Supply Chain Attacks
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages siphoning user data from mobile and desktop applications.
DoD Launches ‘Hack US’ Bounties for Major Flaws in Publicly Exposed Assets
The United States Department of Defense (DoD) has launched a one-week bug bounty program to reward researchers who find high- and critical-severity vulnerabilities in publicly accessible assets owned by the DoD.












