Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
Today is Microsoft's November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of the Tianfu hacking contest. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2021-patch-tuesday-fixes-6-zero-days-55-flaws/
Today is Microsoft's November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of the Tianfu hacking contest. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2021-patch-tuesday-fixes-6-zero-days-55-flaws/
BleepingComputer
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
Today is Microsoft's November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of theβ¦
Windows 11 KB5007215 update released with application fixes
Microsoft has released the Windows 11 KB5007215 cumulative update to fix security vulnerabilities and bugs introduced in previous versions. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5007215-update-released-with-application-fixes/
Microsoft has released the Windows 11 KB5007215 cumulative update to fix security vulnerabilities and bugs introduced in previous versions. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5007215-update-released-with-application-fixes/
BleepingComputer
Windows 11 KB5007215 update released with application fixes
Microsoft has released the Windows 11 KB5007215 cumulative update to fix security vulnerabilities and bugs introduced in previous versions.
Microsoft urges Exchange admins to patch bug exploited in the wild
Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-urges-exchange-admins-to-patch-bug-exploited-in-the-wild/
Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-urges-exchange-admins-to-patch-bug-exploited-in-the-wild/
BleepingComputer
Microsoft urges Exchange admins to patch bug exploited in the wild
Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers.
Microsoft: Windows 10 2004 reaches end of service next month
Microsoft has reminded users today that all editions of Windows 10, version 2004 and Windows Server, version 2004 (also known as the Windows 10 May 2020 Update), will reach end of servicing on December 14, 2021. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-2004-reaches-end-of-service-next-month/
Microsoft has reminded users today that all editions of Windows 10, version 2004 and Windows Server, version 2004 (also known as the Windows 10 May 2020 Update), will reach end of servicing on December 14, 2021. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-2004-reaches-end-of-service-next-month/
BleepingComputer
Microsoft: Windows 10 2004 reaches end of service next month
Microsoft has reminded users today that all editions of Windows 10, version 2004 and Windows Server, version 2004 (also known as the Windows 10 May 2020 Update), will reach end of servicing on December 14, 2021.
TeamTNT hackers target your poorly configured Docker servers
Poorly configured Docker servers and being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month. [...]
https://www.bleepingcomputer.com/news/security/teamtnt-hackers-target-your-poorly-configured-docker-servers/
Poorly configured Docker servers and being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month. [...]
https://www.bleepingcomputer.com/news/security/teamtnt-hackers-target-your-poorly-configured-docker-servers/
BleepingComputer
TeamTNT hackers target your poorly configured Docker servers
Poorly configured Docker servers and being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month.
NUCLEUS:13 TCP security bugs impact critical healthcare devices
Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors. [...]
https://www.bleepingcomputer.com/news/security/nucleus-13-tcp-security-bugs-impact-critical-healthcare-devices/
Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors. [...]
https://www.bleepingcomputer.com/news/security/nucleus-13-tcp-security-bugs-impact-critical-healthcare-devices/
BleepingComputer
NUCLEUS:13 TCP security bugs impact critical healthcare devices
Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors.
These invisible characters could be hidden backdoors in your JS code
Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software. [...]
https://www.bleepingcomputer.com/news/security/these-invisible-characters-could-be-hidden-backdoors-in-your-js-code/
Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software. [...]
https://www.bleepingcomputer.com/news/security/these-invisible-characters-could-be-hidden-backdoors-in-your-js-code/
BleepingComputer
These invisible characters could be hidden backdoors in your JS code
Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risksβ¦
New Android malware targets Netflix, Instagram, and Twitter users
A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users. [...]
https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/
A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users. [...]
https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/
BleepingComputer
New Android malware targets Netflix, Instagram, and Twitter users
A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users.
PhoneSpy: Android spyware campaign targeting South Korean users
An ongoing spyware campaign dubbed 'PhoneSpy' targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data. [...]
https://www.bleepingcomputer.com/news/security/phonespy-android-spyware-campaign-targeting-south-korean-users/
An ongoing spyware campaign dubbed 'PhoneSpy' targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data. [...]
https://www.bleepingcomputer.com/news/security/phonespy-android-spyware-campaign-targeting-south-korean-users/
BleepingComputer
PhoneSpy: Android spyware campaign targeting South Korean users
An ongoing spyware campaign dubbed 'PhoneSpy' targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data.
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-excel-zero-day-used-in-attacks-asks-mac-users-to-wait/
During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-excel-zero-day-used-in-attacks-asks-mac-users-to-wait/
BleepingComputer
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.
TrickBot teams up with Shatak phishers for Conti ransomware attacks
A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems. [...]
https://www.bleepingcomputer.com/news/security/trickbot-teams-up-with-shatak-phishers-for-conti-ransomware-attacks/
A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems. [...]
https://www.bleepingcomputer.com/news/security/trickbot-teams-up-with-shatak-phishers-for-conti-ransomware-attacks/
BleepingComputer
TrickBot teams up with Shatak phishers for Conti ransomware attacks
A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems.
Ironic twist: WP Reset PRO bug lets hackers wipe WordPress sites
A high severity security flaw in the WP Reset PRO WordPress plugin can let authenticated attackers wipe vulnerable websites, as revealed by Patchstack security researchers. [...]
https://www.bleepingcomputer.com/news/security/ironic-twist-wp-reset-pro-bug-lets-hackers-wipe-wordpress-sites/
A high severity security flaw in the WP Reset PRO WordPress plugin can let authenticated attackers wipe vulnerable websites, as revealed by Patchstack security researchers. [...]
https://www.bleepingcomputer.com/news/security/ironic-twist-wp-reset-pro-bug-lets-hackers-wipe-wordpress-sites/
BleepingComputer
Ironic twist: WP Reset PRO bug lets hackers wipe WordPress sites
A high severity security flaw in the WP Reset PRO WordPress plugin can let authenticated attackers wipe vulnerable websites, as revealed by Patchstack security researchers.
Lazarus hackers target researchers with trojanized IDA Pro
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. [...]
https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-researchers-with-trojanized-ida-pro/
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. [...]
https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-researchers-with-trojanized-ida-pro/
BleepingComputer
Lazarus hackers target researchers with trojanized IDA Pro
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.
Researchers show that Appleβs CSAM scanning can be fooled easily
A team of researchers at the Imperial College in London have presented a simple method to evade detection by image content scanning mechanisms, such as Apple's CSAM. [...]
https://www.bleepingcomputer.com/news/technology/researchers-show-that-apple-s-csam-scanning-can-be-fooled-easily/
A team of researchers at the Imperial College in London have presented a simple method to evade detection by image content scanning mechanisms, such as Apple's CSAM. [...]
https://www.bleepingcomputer.com/news/technology/researchers-show-that-apple-s-csam-scanning-can-be-fooled-easily/
BleepingComputer
Researchers show that Appleβs CSAM scanning can be fooled easily
A team of researchers at the Imperial College in London have presented a simple method to evade detection by image content scanning mechanisms, such as Apple's CSAM.
Telnyx is the latest VoIP provider hit with DDoS attacks
Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday. [...]
https://www.bleepingcomputer.com/news/security/telnyx-is-the-latest-voip-provider-hit-with-ddos-attacks/
Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday. [...]
https://www.bleepingcomputer.com/news/security/telnyx-is-the-latest-voip-provider-hit-with-ddos-attacks/
BleepingComputer
Telnyx is the latest VoIP provider hit with DDoS attacks
Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday.
FBI warns of Iranian hackers looking to buy US orgsβ stolen data
The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-iranian-hackers-looking-to-buy-us-orgs-stolen-data/
The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-iranian-hackers-looking-to-buy-us-orgs-stolen-data/
BleepingComputer
FBI warns of Iranian hackers looking to buy US orgsβ stolen data
The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations.
HPE says hackers breached Aruba Central using stolen access key
HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations. [...]
https://www.bleepingcomputer.com/news/security/hpe-says-hackers-breached-aruba-central-using-stolen-access-key/
HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations. [...]
https://www.bleepingcomputer.com/news/security/hpe-says-hackers-breached-aruba-central-using-stolen-access-key/
BleepingComputer
HPE says hackers breached Aruba Central using stolen access key
HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.
Void Balaur hackers-for-hire sell stolen mailboxes and private data
A hacker-for-hire group called Void Balaur has been stealing emails and highly-sensitive information for more than five years, selling it to customers with both financial and espionage goals [...]
https://www.bleepingcomputer.com/news/security/void-balaur-hackers-for-hire-sell-stolen-mailboxes-and-private-data/
A hacker-for-hire group called Void Balaur has been stealing emails and highly-sensitive information for more than five years, selling it to customers with both financial and espionage goals [...]
https://www.bleepingcomputer.com/news/security/void-balaur-hackers-for-hire-sell-stolen-mailboxes-and-private-data/
BleepingComputer
Void Balaur hackers-for-hire sell stolen mailboxes and private data
A hacker-for-hire group called Void Balaur has been stealing emails and highly-sensitive information for more than five years, selling it to customers with both financial and espionage goals
Careful: 'Smart TV remote' Android app on Google Play is malware
Two Android apps sitting on the Google Play store have been found to contain malware this week. These apps are called 'Smart TV remote' and 'Halloween Coloring'. [...]
https://www.bleepingcomputer.com/news/security/careful-smart-tv-remote-android-app-on-google-play-is-malware/
Two Android apps sitting on the Google Play store have been found to contain malware this week. These apps are called 'Smart TV remote' and 'Halloween Coloring'. [...]
https://www.bleepingcomputer.com/news/security/careful-smart-tv-remote-android-app-on-google-play-is-malware/
BleepingComputer
Careful: 'Smart TV remote' Android app on Google Play is malware
Two Android apps sitting on the Google Play store have been found to contain malware this week. These apps are called 'Smart TV remote' and 'Halloween Coloring'.
Gmail accounts are used in 91% of all baiting email attacks
Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing emails prefer to use Gmail accounts to conduct their attacks. [...]
https://www.bleepingcomputer.com/news/security/gmail-accounts-are-used-in-91-percent-of-all-baiting-email-attacks/
Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing emails prefer to use Gmail accounts to conduct their attacks. [...]
https://www.bleepingcomputer.com/news/security/gmail-accounts-are-used-in-91-percent-of-all-baiting-email-attacks/
BleepingComputer
Gmail accounts are used in 91% of all baiting email attacks
Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing emails prefer to use Gmail accounts to conduct their attacks.
Microsoft: New security updates trigger Windows Server auth issues
Microsoft says users might experience authentication issues on Domain Controllers (DC) running Windows Server. after installing security updates released during the November Patch Tuesday. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-new-security-updates-trigger-windows-server-auth-issues/
Microsoft says users might experience authentication issues on Domain Controllers (DC) running Windows Server. after installing security updates released during the November Patch Tuesday. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-new-security-updates-trigger-windows-server-auth-issues/
BleepingComputer
Microsoft: New security updates trigger Windows Server auth issues
Microsoft says users might experience authentication issues on Domain Controllers (DC) running Windows Server. after installing security updates released during the November Patch Tuesday.