May 2022 - Securezoo

Microsoft issues workaround for Windows Support Diagnostic Tool “Follina” Vulnerability

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / May 31, 2022 May 31, 2022

Microsoft has issued a workaround for a vulnerability in its Microsoft Support Diagnostic Tool (MSDT) “Follina” vulnerability CVE-2022-30190 in Windows.

CISA adds 75 vulnerabilities to Known Exploited Vulnerabilities Catalog

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 28, 2022 May 31, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added more than 75 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Cisco, Microsoft, Adobe, Oracle, Linux vulnerabilities and more.

Drupal patches High risk Guzzle third-party library vulnerability (CVE-2022-29248)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 28, 2022 May 28, 2022

Drupal has patched a High risk Guzzle third-party library vulnerability (CVE-2022-29248) that affects multiple versions of Drupal Core.

Zoom patches XMPP vulnerability chain that could allow an attacker to compromise user over Zoom chat

Cybersecurity Attacks, Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 26, 2022 May 26, 2022

Zoom recommends users upgrade their Zoom client to version 5.10.0 to fix an XMPP vulnerability chain that could enable an attacker to execute remote code and compromise another user over Zoom chat.

Google releases Chrome 102 security updates with fixes for 32 vulnerabilities (1 Critical)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 25, 2022 May 25, 2022

Google has released Chrome for Windows (102.0.5005.61/62/63) and Chrome 102.0.5005.61 for Mac and Linux, with fixes for 32 vulnerabilities.

Mozilla fixes 2 Critical vulnerabilities in Firefox 100.0.2

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 25, 2022 May 25, 2022

The Mozilla Foundation has patched two Critical risk vulnerabilities in Firefox 100.0.2. An attacker could exploit these vulnerabilities to take control of impacted systems.

XorDdos: DDoS malware targets Linux systems

Cybersecurity Attacks, Malware / By Frank Crast / May 21, 2022 May 21, 2022

Over the past six months, Microsoft has observed a spike in cyberactivity of 254% from XorDdos, a trojan targeting Linux-based cloud systems and Internet of Things (IoT) devices.

Apache patches High risk Tomcat vulnerability (CVE-2022-25762)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 20, 2022 May 20, 2022

The Apache Software Foundation has patched a High risk Apache Tomcat ‘Request Mix-up’ vulnerability CVE-2022-25762.

ISC fixes High risk BIND vulnerability (CVE-2022-1183)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 20, 2022 May 20, 2022

The Internet Systems Consortium (ISC) has released a security update that fixes a High risk vulnerability CVE-2022-1183 in multiple versions of ISC Berkeley Internet Name Domain (BIND).

Apple patches vulnerabilities in multiple products (CVE-2022-22675 exploited in the wild)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / May 20, 2022 May 20, 2022

Apple has released security updates for Apple iOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, and other products. Apple is aware of known exploits in the wild for a zero-day vulnerability CVE-2022-22675 that affects macOS Big Sur, watchOS, and tvOS.

Month: May 2022