21 August 2022

BLEEPING COMPUTER UPDATES: 3 from today (21 Aug 2022) + Latest Articles

 Introduction: Included is a Package Deal Offer. 

www.bleepingcomputer.com

CISA adds 7 vulnerabilities to list of bugs exploited by hackers

Lawrence Abrams


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple, Microsoft, SAP, and Google.

The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities shared by CISA that are known to be actively exploited in cyberattacks and must be patched by Federal Civilian Executive Branch (FCEB) agencies.

"Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise," explains CISA.

The seven new vulnerabilities added yesterday are listed below, with CISA requiring all of them to be patched by September 8th, 2022.

CVE Number Vulnerability Title
CVE-2017-15944 Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
CVE-2022-21971 Microsoft Windows Runtime Remote Code Execution Vulnerability
CVE-2022-26923 Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
CVE-2022-2856 Google Chrome Intents Insufficient Input Validation Vulnerability
CVE-2022-32893 Apple iOS and macOS Out-of-Bounds Write Vulnerability
CVE-2022-32894 Apple iOS and macOS Out-of-Bounds Write Vulnerability
CVE-2022-22536 SAP Multiple Products HTTP Request Smuggling Vulnerability

How are these bugs used in attacks?

While it's helpful to know what vulnerabilities are being exploited, no details have been provided on how threat actors use them in attacks. Below we have provided the details we could find about the newly added bugs.

The critical SAP CVE-2022-22536 vulnerability was disclosed by Onapsis in February and assigned a 10/10 severity rating. CISA quickly warned admins to patch the bug as it could lead to data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.

At this time, it is not known how attackers exploit this bug, but details of the flaw were presented at the BlackHat security conference last week, and threat actors appear to have started using it quickly after the technical details were revealed.

YOUR ATTENTION EXPANDS

  • Google blocks largest HTTPS DDoS attack 'reported to date'

    A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind.

  • Android malware apps with 2 million installs found on Google Play

    A new batch of thirty-five Android malware apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims' mobile devices.

  • An encrypted ZIP file can have two correct passwords — here's why

    Password-protected ZIP archives are a common means of compressing and sharing sets of files, from sensitive documents to malware samples to even malware itself (phishing "invoices" in emails). But did you know it is possible for an encrypted ZIP file to have two correct passwords, with both producing the same outcome on extraction?

  • Hackers target hotel and travel companies with fake reservations

    A threat actor tracked as TA558 has stepped up its activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space.

  • The Week in Ransomware - August 19th 2022 - Evolving extortion tactics

    Bringing you the latest ransomware news, including new research, tactics, and cyberattacks. We also saw the return of the BlackByte ransomware operation, which has started to use new extortion tactics.

  • New tool checks if a mobile app's browser is a privacy risk

    A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.

  • WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware

    WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.

  • Russia's 'Oculus' to use AI to scan sites for banned information

    Russia's internet watchdog Roskomnadzor is developing a neural network that will use artificial intelligence to scan websites for prohibited information.

  • Get started with big data visualization for $39 in this course deal

    If you want to learn a new skill that could reshape your career and pay dividends, consider purchasing the 2022 Big Data Visualization Toolkit Bundle, on sale for $39 during our Back to Education event ending August 24.


  • Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug

    Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers.

  • Russian APT29 hackers abuse Azure services to hack Microsoft 365 users

    The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information.

  • Get an HP EliteBook, Microsoft Office Pro, and Office training for $670

    Lawrence Abrams

    The Microsoft Office suite ranks number 8 among the most-downloaded Windows software ever, and that's not by accident. From its game-changing word processor (appropriately named Microsoft Word) to its industry-standard spreadsheet tool, Excel, Office has become a staple in office, school, and library computers worldwide. Microsoft also releases frequent updates for the suite.

    The suite has become so essential that roles ranging from Financial Analyst to Retail Store Manager require at least rudimentary skill in these programs to get hired. And there's a good chance that folks who apply to jobs that require Office proficiency simply don't know how to create stellar presentations or use VLOOKUP in Excel. But now, you can get the training necessary to learn these tools, a computer to use them on, and the award-winning software itself. This HP EliteBook is on sale for $669.99, and it comes with a lifetime Microsoft Office Pro license and courses to boot. 

    Nearly 40 hours of training with your new laptop

    Calling this bundle a "package deal" is an understatement. For one, it comes with a refurbished HP EliteBook 840 with Windows 10 Pro pre-installed, providing you with valuable security features like BitLocker. It's also equipped with an Intel Core i5 CPU, 8GB of RAM, and a sharp 14-inch display.

    Don't let the refurbished status fool you. It was given an "A" refurbished rating, meaning there should be next to zero cosmetic defects; it basically looks and runs like new. As for Microsoft Office, this deal comes with a lifetime Professional 2021 license for Windows, which you can instantly redeem via software keys and download links.

    Finally, the bundle features courses to help you get the most out of your new software. Each class is led by an expert instructor that will guide you through the ins and outs of each program. One such instructor is Chris Dutton, a certified Microsoft Excel Expert and founder of Maven Analytics. The courses comprise 39 hours of training overall.

    Want to take your Microsoft Office skills to the next level? This Microsoft Office Pro and HP EliteBook bundle is on sale for just $669.99, and it comes with all the training you need to get started.

    Prices subject to change.

    Disclosure: This is a StackCommerce deal in partnership with BleepingComputer.com. In order to participate in this deal or giveaway you are required to register an account in our StackCommerce store. To learn more about how StackCommerce handles your registration information please see the StackCommerce Privacy Policy. Furthermore, BleepingComputer.com earns a commission for every sale made through StackCommerce.

  • Janet Jackson's music video is now a vulnerability for crashing hard disks

    Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.
