Microsoft’s Patch Tuesday train rumbled into Windows networks with fixes for 51 documented security vulnerabilities, some serious enough to cause full computer takeover attacks.
Microsoft Patches for 51 Windows Security Defects
High-Severity Flaw in Argo CD is Information Leak Risk
A high-severity security vulnerability in Argo CD could allow an attacker to access sensitive information from target applications.
Volexity Warns of ‘Active Exploitation’ of Zimbra Zero-Day
Malware hunters at Volexity are raising the alarm for a Chinese threat actor seen exploiting a zero-day flaw in the Zimbra email platform to infect media and government targets in Europe.
Attack Surface Management Play Censys Scores $35M Investment
The jostling for space in the attack surface management space intensified this week with Michigan startup Censys banking a new $35 million funding round to fuel growth and expansion.
UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap
The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.
PrinterLogic Patches Code Execution Flaws in Printer Management Suite
PrinterLogic has released security updates to address a total of nine vulnerabilities in Web Stack and Virtual Appliance, including three security defects that carry “high severity” ratings.
Microsoft Restricts Excel 4.0 Macros by Default
Microsoft has announced improved security for the users of its flagship Office productivity suite, courtesy of Excel 4.0 (XLM) macros now being restricted by default.
CISA Releases Final IPv6 Security Guidance for Federal Agencies
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies.
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victim’s accounts without having access to the victim’s phone, according to new research from Varonis.
Details Published on AWS Flaws Leading to Data Leaks
Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.
