Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks.
LastPass Says Password Vault Data Stolen in Data Breach
Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords.
Microsoft Details Recent macOS Gatekeeper Bypass Vulnerability
Microsoft this week shared details on CVE-2022-42821, a Gatekeeper bypass vulnerability that Apple recently addressed in macOS Ventura, Monterey, and Big Sur.
FoxIt Patches Code Execution Flaws in PDF Tools
Foxit Software has rolled out a critical-severity patch to cover a dangerous remote code execution flaw in its flagship PDF Reader and PDF Editor products.
US Food Companies Warned of BEC Attacks Stealing Food Product Shipments
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are raising alarm on business email compromise (BEC) attacks leading to the theft of shipments of food products and ingredients.
Security Firms Warn Microsoft of Signed Drivers Used to Kill EDR, AV Processes
Several cybersecurity firms have warned Microsoft that cybercriminals have been using signed malicious drivers to kill processes associated with antivirus (AV) and endpoint detection and response (EDR) products.
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks
Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.
The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses.
Adobe Patches 38 Flaws in Enterprise Software Products
After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple enterprise-facing products.
The San Jose, California software maker said the flaws could expose users to code execution and privilege escalation attacks across all computer platforms.
VMware Patches VM Escape Flaw Exploited at Geekpwn Event
Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine escape bug exploited at the GeekPwn 2022 hacking challenge.
NSA Outs Chinese Hackers Exploiting Citrix Zero-Day
Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that a Chinese hacking group has already been caught exploiting the vulnerability.