Introduction: Included is a Package Deal Offer.
CISA adds 7 vulnerabilities to list of bugs exploited by hackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple. Microsoft, SAP, and Google.
The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities shared by CISA that are known to be actively exploited in cyberattacks and must be patched by Federal Civilian Executive Branch (FCEB) agencies.
"Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise," explains CISA.
The seven new vulnerabilities added yesterday are listed below, with CISA requiring all of them to be patched by September 8th, 2022.
CVE Number | Vulnerability Title |
---|---|
CVE-2017-15944 | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability |
CVE-2022-21971 | Microsoft Windows Runtime Remote Code Execution Vulnerability |
CVE-2022-26923 | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability |
CVE-2022-2856 | Google Chrome Intents Insufficient Input Validation Vulnerability |
CVE-2022-32893 | Apple iOS and macOS Out-of-Bounds Write Vulnerability |
CVE-2022-32894 | Apple iOS and macOS Out-of-Bounds Write Vulnerability |
CVE-2022-22536 | SAP Multiple Products HTTP Request Smuggling Vulnerability |
How are these bugs used in attacks?
While it's helpful to know what vulnerabilities are being exploited, no details have been provided on how threat actors use them in attacks. Below we have provided the details we could find about the newly added bugs.
The critical SAP CVE-2022-22536 vulnerability was disclosed by Onapsis in February and assigned a 10/10 severity rating. CISA quickly warned admins to patch the bug as it could lead to data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.
At this time, it is not known how attackers exploit this bug, but details of the flaw were disclosed at the BlackHat security conference last week and appear to be quickly used by threat actors after the technical details were revealed.
YOUR ATTENTION EXPANDS
✓
Google blocks largest HTTPS DDoS attack 'reported to date'
A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind.
- August 18, 2022
- 12:00 PM
- 3
Android malware apps with 2 million installs found on Google Play
A new batch of thirty-five Android malware apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims' mobile devices.
- August 18, 2022
- 03:19 PM
- 2
An encrypted ZIP file can have two correct passwords — here's why
Password-protected ZIP archives are common means of compressing and sharing sets of files—from sensitive documents to malware samples to even malware (phishing "invoices" in emails). But, did you know it is possible for an encrypted ZIP file to have two correct passwords, with both producing the same outcome on extraction?
- August 21, 2022
- 12:27 PM
- 0
Hackers target hotel and travel companies with fake reservations
A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space.
- August 21, 2022
- 10:12 AM
- 0
The Week in Ransomware - August 19th 2022 - Evolving extortion tactics
Bringing you the latest ransomware news, including new research, tactics, and cyberattacks. We also saw the return of the BlackByte ransomware operation, who has started to use new extortion tactics.
- August 19, 2022
- 07:08 PM
- 0
✓ PLEASE NOTE
New tool checks if a mobile app's browser is a privacy risk
A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.
- August 19, 2022
- 02:12 PM
- 0
WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware
WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.
- August 20, 2022
- 11:15 AM
- 1
Russia's 'Oculus' to use AI to scan sites for banned information
Russia's internet watchdog Roskomnadzor is developing a neural network that will use artificial intelligence to scan websites for prohibited information.
- August 20, 2022
- 10:07 AM
- 0
Get started with big data visualization for $39 in this course deal
If you want to learn a new skill that could reshape your career and pay dividends, consider purchasing the 2022 Big Data Visualization Toolkit Bundle, on sale for $39 during our Back to Education event ending August 24.
- August 20, 2022
- 08:12 AM
- 0
✓ POPULAR
Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug
Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers.
- August 20, 2022
- 03:17 PM
- 0
Russian APT29 hackers abuse Azure services to hack Microsoft 365 users
The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information.
- August 19, 2022
- 11:10 AM
- 0
Get an HP EliteBook, Microsoft Office Pro, and Office training for $670
The Microsoft Office suite ranks number 8 in the most-downloaded Windows software ever, and that's not by accident. From its game-changing word processor (appropriately named Microsoft Word) to its industry-standard spreadsheet tool, Excel, Office has become a staple in office, school, and library computers worldwide. Microsoft also releases frequent updates for the suite, as well.
The suite has become so essential that roles ranging from Financial Analyst to Retail Store Manager require at least rudimentary skill in these programs to get hired. And there's a good chance that folks who apply to jobs that require Office proficiency simply don't know how to create stellar presentations or use VLOOKUP in Excel. But now, you can get the training necessary to learn these tools, a computer to use them on, and the award-winning software itself. This HP EliteBook is on sale for $669.99, and it comes with a lifetime Microsoft Office Pro license and courses to boot.
Nearly 40 hours of training with your new laptop
Calling this bundle a "package deal" is an understatement.
For one, it comes with a refurbished HP EliteBook 840 with Windows 10
Pro pre-installed, providing you with valuable security features like BitLocker. Its also equipped with an Intel Core i5 CPU, 8GB of RAM, and a sharp 14-inch display.
Don't let the refurbished status fool you. It was given an "A" refurbished rating, meaning there should be next to zero cosmetic defects — it basically looks and runs like new. As for Microsoft Office, this deal comes with a lifetime Professional 2021 license for Windows, which you can instantly redeem via software keys and download links
Finally, the bundle features courses to help you get the most out of your new software. Each class is led by an expert instructor that will guide you through the ins and outs of each program. One such instructor is Chris Dutton, a certified Microsoft Excel Expert and founder of Maven Analytics. The courses comprise 39 hours of training overall.
Want to take your Microsoft Office skills to the next level? This Microsoft Office Pro and HP EliteBook bundle are on sale for just $669.99, and they come with all the training you need to get started.
Prices subject to change.
Disclosure: This is a StackCommerce deal in partnership with BleepingComputer.com. In order to participate in this deal or giveaway you are required to register an account in our StackCommerce store. To learn more about how StackCommerce handles your registration information please see the StackCommerce Privacy Policy. Furthermore, BleepingComputer.com earns a commission for every sale made through StackCommerce.
✓
Janet Jackson's music video is now a vulnerability for crashing hard disks
Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.
- August 18, 2022
- 01:07 PM
- 2
-
Version: 4.5.124M+ Downloads
-
Version: 1.4.1.101721,137 Downloads
-
Version: 1.8.2.32051,001 Downloads
-
Version: NA302,397 Downloads
-
Version: 4.13.02M+ Downloads
✓
No comments:
Post a Comment