Tag: cyber security news today

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a … Read More “New ‘SessionManager’ Backdoor Targeting Microsoft IIS Servers in the Wild” »

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential … Read More “Overview of Top Mobile Security Threats in 2022” »

A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could … Read More “Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild” »

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that’s being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at … Read More “Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates” »

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies … Read More “Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild” »

Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022. “This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost,” said Lior Bela, senior product marketing manager at Microsoft, in a post last week. … Read More “Microsoft’s New Autopatch Feature To Help Businesses Keep Their Systems Up-to-Date” »

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. “Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are … Read More “CISA Warns of Ongoing Cyber ​​Attacks Targeting Internet-Connected UPS Devices” »