12 January 2022

BLEEP BLEEP BLEEP + MORE BLEEPS! ...We are Vulnerable

Yesterday was quite a day!
Yes there's always more to the stories and reports - for example those in this list selected for your individual attention - they do take up a lot of space, but please take the time to read  more... depending on what your interests are.
 
Hackers take over diplomat's email, target Russian deputy minister

Hackers take over diplomat's email, target Russian deputy minister

Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia's Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country's diplomats in other regions.

  • Log4J

    State hackers use new PowerShell backdoor in Log4j attacks

    Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor.

  • Windows

    Microsoft: New critical Windows HTTP vulnerability is wormable

    Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022.

  • Python

    This $39 course bundle is get you on the road to mastering Python

    Given how Python is incredibly in-demand, gaining mastery in it can increase your employability and may even help you land your dream role. The Ultimate Python Programmer's Bootcamp Bundle can get you acquainted with the language. It's worth $814 in total, but you can get the bundle today for just $39.

    • BleepingComputer Deals
    • January 11, 2022
    • 04:39 PM
    • Comment 0
  • Firefox Focus

    Firefox Focus now blocks cross-site tracking on Android devices

    Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity.

  • CISA

    CISA alerts federal agencies of ancient bugs still being exploited

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of known exploited vulnerabilities with 15 new security issues that serve as a frequent attack vector against federal enterprises.

  • Windows 10

    Windows 10 KB5009543 & KB5009545 updates released

    The new update is now available for Windows 10 version 21H2, version 21H1, and version 20H2 As per the official release notes, Microsoft has published two main cumulative updates for Windows 10 - KB5009543 and KB5009545.

  • Microsoft Office

    Microsoft fixes critical Office bug, delays macOS security updates

    During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems.

  • Windows 11 light

    Windows 11 KB5009566 update released with security fixes

    Microsoft has released the Windows 11 KB5009566 cumulative update with security updates, performance improvements, and fixes for known bugs.

  • Microsoft Patch Tuesday

    Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws

    Today is Microsoft's January 2022 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 97 flaws.

  • RedLine

    New RedLine malware version spread as fake Omicron stat counter

    A new variant of the RedLine info-stealer is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure.

  • US flag

    US govt warns of Russian hackers targeting critical infrastructure

    The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors orchestrated by Russian-backed hacking groups.

  • joker

    New SysJoker backdoor targets Windows, macOS, and Linux

    A new multi-platform backdoor malware named 'SysJoker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems.

    Netgear Router Nighthawk

    KCodes NetUSB bug exposes millions of routers to RCE attacks

    A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors.

  • Log4J

    Night Sky ransomware uses Log4j bug to hack VMware Horizon servers

    The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.

     

    No comments: