Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.
Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw
Moxie Marlinspike Steps Down as Signal CEO
Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton.
Apache Foundation Calls Out Open-Source Leechers
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.
Abcbot DDoS Botnet Linked to Older Cryptojacking Campaign
The relatively recent Abcbot botnet appears to be operated by the same cybercriminals that launched a Xanthe-based cryptojacking campaign first detailed a couple of years ago, Cado Security says.
Zloader Banking Malware Exploits Microsoft Signature Verification
The aggressive Zloader banking malware campaign is exploiting Microsoft’s digital signature verification method to inject code into a signed system DLL, according to researchers at Check Point.
VMware Plugs Security Holes in Workstation, Fusion and ESXi
VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks.
Recorded Future Acquires SecurityTrails in $65M Deal
With eyes firmly set on the booming attack surface management space, threat intel powerhouse Recorded Future is shelling out $65 million to purchase SecurityTrails, a startup that helps organizations keep track of internet-facing assets.
Attackers Hitting VMWare Horizon Servers With Log4j Exploits
Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw.
Eight New macOS Malware Families Emerged in 2021
Eight new macOS malware families emerged in 2021, according to Patrick Wardle, a security researcher who specializes in Apple products.
Research: Simulated Phishing Tests Make Organizations Less Secure
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
