Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Moxie Marlinspike Steps Down as Signal CEO
Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton.
Apache Foundation Calls Out Open-Source Leechers
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
Zloader Banking Malware Exploits Microsoft Signature Verification
The aggressive Zloader banking malware campaign is exploiting Microsoft’s digital signature verification method to inject code into a signed system DLL, according to researchers at Check Point.
VMware Plugs Security Holes in Workstation, Fusion and ESXi
VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks.
Recorded Future Acquires SecurityTrails in $65M Deal
With eyes firmly set on the booming attack surface management space, threat intel powerhouse Recorded Future is shelling out $65 million to purchase SecurityTrails, a startup that helps organizations keep track of internet-facing assets.
Fresh Warnings Issued Over Abuse of Google Services
U.S. government agencies and cybersecurity companies are warning users and organizations about cybercriminals abusing Google services to achieve their goals.
FBI warns about Google Voice abuse
Attackers Hitting VMWare Horizon Servers With Log4j Exploits
Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw.
Research: Simulated Phishing Tests Make Organizations Less Secure
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
Microsoft Confirms ‘NotLegit’ Azure Flaw Exposed Source Code Repositories
Microsoft has quietly started notifying some Azure customers that a serious security vulnerability in the Azure App Service has caused the exposure of hundreds of source code repositories.
