Cisco releases patches to address a new set of critical vulnerabilities affecting Expressway Series and TelePresence Video Communication Server that could allow attackers to gain elevated privileges and execute arbitrary code.
Read: https://thehackernews.com/2022/03/critical-patches-issued-for-cisco.html
Researchers demonstrate what they say is the "first side-channel attack" on homomorphic encryption, which could be exploited to leak data during the encryption process.
Read details: https://thehackernews.com/2022/03/researchers-demonstrate-new-side.html
The Russian government has published a list of 17,576 IP addresses and 166 domains allegedly used in a series of DDoS attacks on the country's domestic infrastructure.
Read details: https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
A new vulnerability (CVE-2021-4191) affecting thousands of GitLab instances could allow a remote, unauthenticated attacker to access user-related information.
https://thehackernews.com/2022/03/new-security-vulnerability-affects.html
Patched versions 14.8.2, 14.7.4, 14.6.5 issued for self-managed servers.
Both sides in the Russia-Ukraine war are heavily leveraging Telegram messenger to coordinate hacking activities, leak data, and spread disinformation.
Read: https://thehackernews.com/2022/03/both-sides-in-russia-ukraine-war.html
Imperva has reported that the website of one of its customers was recently the target of a ransom-driven DDoS attack that reached a peak of 2.5 million requests per second (RPS).
Read details: https://thehackernews.com/2022/03/imperva-thwarts-25-million-rps-ransom.html
U.S. cybersecurity agency CISA has added a new batch of 95 actively exploited flaws to its "Known Exploited Vulnerabilities Catalog."
Read: https://thehackernews.com/2022/03/cisa-adds-another-95-flaws-to-its.html
Researchers warn of a new high-risk vulnerability (CVE-2022-0492) affecting the Linux kernel's cgroups feature that could potentially be abused to escape a container to execute arbitrary commands on the host.
Read details: https://thehackernews.com/2022/03/new-linux-kernel-cgroups-vulnerability.html
Mozilla has warned hundreds of millions of Firefox users about newly discovered 0-day bugs (CVE-2022-26485, CVE-2022-26486) that are being exploited in the wild.
https://thehackernews.com/2022/03/2-new-mozilla-firefox-0-day-bugs-under.html
Update to Firefox 97.0.2, ESR 91.6.1, Android v97.3.0, Focus 97.3.0 & Thunderbird 91.6.2.
The Ukrainian Computer Emergency Response Team (CERT-UA) warns of new phishing attacks against its citizens using compromised email accounts from Indian entities.
Read: https://thehackernews.com/2022/03/ukrainian-cert-warns-citizens-of.html
Newly disclosed vulnerabilities in the operating system for TerraMaster NAS devices can be chained to achieve unauthorized RCE with the highest privileges.
https://thehackernews.com/2022/03/critical-bugs-in-terramaster-tos-could.html
Bugs found by Ethiopian cybersecurity firm OctagonNetworks have been patched in v4.2.30 or higher.
Researchers have disclosed details of a now-patched Microsoft Azure automation vulnerability — dubbed AutoWarp — that could have allowed attackers unauthorized access to other Azure customer accounts.
Details: https://thehackernews.com/2022/03/microsoft-azure-autowarp-bug-could-have.html
Researchers warn of a new vulnerability (CVE-2022-0847) in the Linux kernel, dubbed "Dirty Pipe," which could allow an attacker to overwrite arbitrary data and take complete control of a system.
Details: https://thehackernews.com/2022/03/researchers-warn-of-linux-kernel-dirty.html
A series of newly discovered security vulnerabilities — dubbed "Access:7" — in PTC's Axeda software affects hundreds of thousands of ATMs, vending machines, SCADA systems, medical devices and IoT devices.
Read details: https://thehackernews.com/2022/03/critical-access7-supply-chain.html
Samsung confirms a security breach that led to the exposure of internal company data, including the source code related to its Galaxy smartphones.
Read details: https://thehackernews.com/2022/03/samsung-confirms-data-breach-after.html
Google is officially buying cybersecurity company Mandiant in an all-cash deal approximately valued at $5.4 billion.
Read: https://thehackernews.com/2022/03/google-buys-cybersecurity-firm-mandiant.html
Google warns that Russian and Belarusian hackers are targeting Ukraine and European allies through phishing attacks.
Read details: https://thehackernews.com/2022/03/google-russian-hackers-target.html
Researchers have discovered 16 new high-severity vulnerabilities in UEFI firmware affecting millions of HP devices, including laptops, desktops, PoS systems and edge computing nodes.
Read details: https://thehackernews.com/2022/03/new-16-high-severity-uefi-firmware.html
Researchers have uncovered 3 critical vulnerabilities in the Pascom Cloud Phone System (CPS) that could be combined to achieve full pre-authenticated remote code execution on affected systems.
Details: https://thehackernews.com/2022/03/critical-rce-bugs-found-in-pascom-cloud.html
Cybersecurity researchers at Mandiant have revealed that the China-backed APT41 hacker group compromised at least 6 state government networks in the United States between May 2021 and February 2022.
Read details: https://thehackernews.com/2022/03/chinese-apt41-hackers-broke-into-at.html
Patch Tuesday, March 2022: In addition to Microsoft, Adobe, and Google, the following major software vendors have also released patches to fix various security vulnerabilities:
—Cisco
—Citrix
—HP
—Intel
—Juniper Networks
—Linux distributions
— Mozilla Firefox and ESR
—SAP
—Schneider Electric, and
—Siemens
https://thehackernews.com/2022/03/critical-security-patches-issued-by.html