Cybersecurity, CISA adds CVE-2022-26134 to its Known Exploited Vulnerabilities Catalog
It’s a critical zero-day flaw in Atlassian’s Confluence Server and Data Center. The company patched it, but It’s actively exploited.
Cybercrime, EXOTIC LILY works with Conti and others as AIB
Google TAG cybersecurity experts: The group is the opportunistic locksmiths of the security world. It leverages legitimate file-sharing services to deliver malware.
Cybersecurity, Apple patches the zero-day flaw CVE-2022-22620
Security updates for iOS, iPadOS (15.3.1) and macOS (Monterey 12.2.1). The vulnerability is actively exploited by cybercrime actors.
Cybersecurity, Apple fixes two zero-day critical vulnerabilities
One is the CVE-2022-22587 and the other, the CVE-2022-22594. The first one is already actively exploited by cybercrime actors.
Cybersecurity, new zero-day vulnerability on Windows despite the last patch
Abdelhamid Naceri discovered a flaw, which bypass the CVE-2021-41379 security update. It allows a privilege escalation to admin level.
Cybersecurity, serious vulnerability on SolarWinds Serv-U
Yoroi: All versions up to 15.2.3 HF1 are involved and there have already been targeted cybercrime attacks. Update the systems now!
Cybersecurity, Kaseya patches the VSA zero-day vulnerabilities used by REvil
Bleeping Computer: The cybercrime ransomware gang probably exploited one or a combination of CVE-2021-30116, CVE-2021-30119, and CVE-2021-30120.
Cybersecurity, the PrintNightmare flaw has been patched in all Windows versions
Microsoft released the emergency security update KB5004948 for the Print Spooler critical zero-day vulnerability, the CVE-2021-34527.
Cybersecurity, disable the Windows Print Spooler service on servers not used for printing
The US CISA: An attacker could exploit the critical PrintNightmare zero-day vulnerability to take control of an affected system.
Cybersecurity, Zero-day exploit in Desktop Window Manager
It’s the CVE-2021-28310, discovered by Kaspersky and linked to escalation of privilege (EoP). It has just been patched, but cybercrime use it.