Security News Bundle Update

Google has issued an emergency security update for Chrome 99 to resolve a vulnerability for which a public exploit already exists. read more

Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution with root privileges. Western Digital has addressed a critical vulnerability, tracked as CVE-2021-44142 , that could have allowed attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices. The CVE-2021-44142 flaw affects the following dev

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) a

Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this year. Unlike the original Windows 11 release, it won’t be a massive update with radical design changes. Instead, Sun Valley 2 will be similar to Windows 10 Anniversary Update, so you can expect minor improvements and a few new features. […]

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim’s ransom negotiations. […]

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. March 25 – Anonymous leaked 28GB of data stolen from the Central Bank of Russia Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia March 25 – Chinese threat actor Scarab targets Ukraine, CERT-UA war

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here . FCC adds Kaspersky to Covered List due to unacceptable risks to national security Anonymous leaked 28GB of data stolen from the Central Bank of Ru

Okta has admitted that it made a mistake delaying the disclosure of hack from the Lapsus$ data extortion group that took place in January. Additionally, the company has provided a detailed timeline of the incident and its investigation activities. […]

The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog . ⓘ According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , F