Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Millions of Routers Impacted by NetUSB Kernel Vulnerability
A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns.
Apache Foundation Calls Out Open-Source Leechers
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
Zloader Banking Malware Exploits Microsoft Signature Verification
The aggressive Zloader banking malware campaign is exploiting Microsoft’s digital signature verification method to inject code into a signed system DLL, according to researchers at Check Point.
VMware Plugs Security Holes in Workstation, Fusion and ESXi
VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks.
Recorded Future Acquires SecurityTrails in $65M Deal
With eyes firmly set on the booming attack surface management space, threat intel powerhouse Recorded Future is shelling out $65 million to purchase SecurityTrails, a startup that helps organizations keep track of internet-facing assets.
Attackers Hitting VMWare Horizon Servers With Log4j Exploits
Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw.
Research: Simulated Phishing Tests Make Organizations Less Secure
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
Microsoft Confirms ‘NotLegit’ Azure Flaw Exposed Source Code Repositories
Microsoft has quietly started notifying some Azure customers that a serious security vulnerability in the Azure App Service has caused the exposure of hundreds of source code repositories.
Google Finds 35,863 Java Packages Using Defective Log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
