Security

Cybersecurity researchers have found that attackers are exploiting the recently discovered Windows zero-day flaw dubbed “Follina” to infect victims’ computers with Qbot malware. Qbot operators have also teamed up with the Black Basta group to spread ransomware. Qbot, also known as QuakBot QakBot, and Pinkslipbot, was first identified in 2008 as a trojan capable of…

Atlassian has released new security updates to fix a critical flaw affecting its Confluence Server and Data Center products. The vulnerability, tracked as CVE-2022-26134, allows for unauthenticated remote code execution on unpatched servers. The zero-day security flaw was disclosed by security company Volexity last week, and it impacts all supported versions (except those hosted on…

Atlassian has published a security advisory about a new critical flaw impacting its Confluence Server and Data Center products. The company warned IT teams that the security vulnerability could lead to unauthenticated remote code execution (RCE). The security vulnerability, tracked as CVE-2022-26134, was discovered by the cybersecurity company Volexity. Atlassian released an advisory about the…

Security researchers have discovered a new zero-day vulnerability that allows hackers to launch a Windows search window via malicious Word documents. The security flaw exists in the Windows search protocol handler (search-ms) that allows applications and links to open searches for malicious attacks. According to Bleeping Computer, an attacker could abuse the protocol handler to…

What is rugged DevOps? DevOps on treads? Not so fast.

Microsoft has unveiled enhancements coming to the Learn platform during its Build 2022 developer conference. The Redmond giant is expanding its Microsoft Learn portfolio with a bunch of new and updated training and certifications for security experts and IT administrators. Microsoft Learn is a free online training platform that provides interactive and hands-on training sessions…

Microsoft has announced some improvements coming to the preset security policies in Defender for Office 365 solution this summer. These policy changes should help IT admins use Microsoft’s recommended settings. According to Microsoft, the preset security policies enable organizations to apply all recommended settings to Office 365 users. The list includes Strict protection, Standard protection,…

Microsoft has published an advisory about a distributed denial-of-service (DDoS) malware called XorDdos that is targeting Linux endpoints and servers. The company has warned that its security researchers have detected a 254 percent surge in the malware’s activity during the last six months. The security research group MalwareMustDie first discovered the XorDDoS malware back in…

The Cybersecurity and Infrastructure Security Agency (CISA) has warned US government agencies to immediately patch critical vulnerabilities in VMware products. The security authority instructed all federal agencies to remove the actively exploited VMware offerings from their networks if patches can’t be applied by May 23, 2022. VMware recently disclosed multiple security flaws in five different…

The US Cybersecurity and Infrastructure Security Agency (CISA) has temporarily removed the security flaw CVE-2022-26925 from its Known Exploited Vulnerability Catalog. It has warned that IT admins should not install the May 2021 Patch Tuesday updates on Windows Servers used as domain controllers due to the risk of authentication failures. The security advisory comes amid…