Invinsense Cybersecurity Newsletter 24-Jan-22

2022-01-24


Patch Notes

  • Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest

  • First Patch Tuesday of 2022 Brings Fix for a Critical ‘Wormable’ Windows Vulnerability

  • Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

  • Cisco Patches Critical Vulnerability in Contact Center Products

  • GitLab shifts left to patch high-impact vulnerabilities

  • Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns

Cyber Attacks

Malware and Vulnerabilities

  • New SysJoker backdoor targets Windows, macOS, and Linux

  • IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks

  • Critical SonicWall NAC Vulnerability Stems from Apache Mods

  • Microsoft: New critical Windows HTTP vulnerability is wormable

  • Threat actors can bypass malware detection due to Microsoft Defender weakness

  • Three Plugins with Same Bug Put 84K WordPress Sites at Risk

Cyber Tech

  • New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors

  • A New Approach to Detect Stealthy Malware on IoT Devices

  • NoReboot - Faking iPhone Shutdown and Reboot

  • Introducing vAPI – an open source lab environment to learn about API security

Download Newsletter