Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest
Adobe on Tuesday announced security updates for several products, including for Acrobat and Reader, in which the software giant patched a total of 26 vulnerabilities.
Details Disclosed for Recent Vulnerabilities in SonicWall Remote Access Appliances
Rapid7 today shared details on a series of vulnerabilities that SonicWall patched in the Secure Mobile Access (SMA) 100 series secure access gateway products last month.
Millions of Routers Impacted by NetUSB Kernel Vulnerability
A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns.
Moxie Marlinspike Steps Down as Signal CEO
Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton.
CISA Unaware of Any Significant Log4j Breaches in U.S.
CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities.
New ‘powerdir’ Vulnerability in macOS Exposes Protected Data
A vulnerability addressed recently in Apple’s macOS platform could be exploited to gain unauthorized access to a user’s personal data, Microsoft explains.
Industrial Firms Advised Not to Ignore Security Risks Posed by URL Parsing Confusion
Researchers from industrial cybersecurity firm Claroty and developer security company Snyk have analyzed more than a dozen URL parsing libraries and showed how inconsistencies can lead to various types of vulnerabilities. Industrial organizations have been advised not to ignore these findings.
Apache Foundation Calls Out Open-Source Leechers
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
SonicWall Patches Y2K22 Bug in Email Security, Firewall Products
Cybersecurity firm SonicWall says it has released patches for some of its email security and firewall products to address a bug that resulted in failed junk box and message log updates.
