Security

HP has acknowledged that its several printer models are vulnerable to a new critical buffer overflow bug that can potentially lead to remote code execution (RCE). This latest security flaw is being tracked under CVE-2022-3942, and it was first discovered by Trend Micro’s Zero Day Initiative team. As noted in a post by Bleeping Computer,…

Last week, the infamous hacker group Lapsus$ claimed that it had breached several Azure DevOps source code repositories. Microsoft is currently investigating claims of this hack, but the source code of Bing, Bing Maps, Cortana, and other internal projects may have been leaked online (via VentureBeat). Over the weekend, the hacker group Lapsus$ posted a…

The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI released an alert about a Russian state-backed activity that allowed hackers to bypass multi-factor authentication (MFA) and exploit a security flaw to compromise networks. The security advisory indicates that the cyberattacks targeting a non-governmental organization (NGO) started back in May 2021. The threat actors leveraged…

German federal cybersecurity agency BSI has warned its citizens against using antivirus products from Russian-based Kaspersky Lab. The security agency has issued a statement today saying that the Kaspersky antivirus software could be exploited in launching cyberattacks amid Russia’s ongoing war in Ukraine. The advisory did not accuse Kaspersky Lab of any specific security violations,…

Here’s a look at what you need to know QNAP has issued an advisory about a new Dirty Pipe Linux vulnerability that affects a wide range of Network Attached Storage (NAS) devices. It allows attackers to overwrite data in arbitrary read-only files. The Dirty Pipe security flaw affects all NAS devices running kernel version 5.10.60….

Microsoft has added support for action accounts to its Microsoft Defender for Identity solution. The new action accounts feature was spotted by Twitter user @JimSycurity earlier this week, and it is now generally available for all enterprise customers worldwide. The action accounts setting allows IT Admins to take actions (such as reset their password or…

Last week, security researchers revealed that a hacking group had been involved in using leaked Nvidia code-signing certificates for malware purposes. As reported by Bleeping Computer, two expired certificates are currently being used by threat actors to gain remote access and install malicious drivers on targeted Windows machines. For those unfamiliar, Windows requires that all…

Microsoft has announced the general availability of Microsoft Defender for Business, a new endpoint security offering designed for small and medium-sized businesses (SMBs). The new security offering was first unveiled at Ignite 2021, and it began rolling out in preview to select Microsoft 365 Business Premium customers back in December. Microsoft describes Microsoft Defender for…

Google has announced its plans to acquire Mandiant, a US-based cyber security company, in an all-cash deal valued at $5.4 billion. The software giant says that this new acquisition will help to improve its security offerings to better protect Google Cloud customers. Once the deal closes, Mandiant will join Google’s cloud computing business, which should…

Microsoft released 71 fixes this month, 3 of which are rated Critical and 68 Important. While three are publicly known at the time they were released, none are believed to be in active use by hackers. Windows and Windows Server Microsoft released an update for CVE-2022-21990, which is a Remote Desktop Client (RDP) remote code…