Critical vulnerabilities in Adobe Commerce and Magento, Microsoft ups Windows security and bugs found in Moxa MXview.
Welcome to Cyber Security Today. It’s Monday February 14th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Ecommerce Administrators whose websites use Adobe Commerce or Magento are urged to install the latest updates to close a critical vulnerability. Successful exploitation could allow an attacker to run arbitrary code. Adobe said Sunday the vulnerability has been exploited in the wild “in very limited attacks.” Versions above Adobe Commerce 2.3.3 are affected.
Windows administrators should know that Microsoft has quietly made a change to make it harder for hackers to steal usernames and passwords from the operating system. As reported by Bleeping Computer, a researcher noted that Microsoft changed a default Attack Surface Reduction rule to block credential-stealing in Defender. The default had been Not Configured. Now it will be Configured. This prevents a portion of memory that might have credentials from being captured by a hacker. The article says the solution is only good on systems running Microsoft Defender as the primary antivirus system.
Finally, network administrators using Moxa’s MXview network management software should install the latest security update. Researchers at Cisco Systems discovered two vulnerabilities in web version of the platform that could allow an attacker to sniff traffic and gain enough information to exploit the bug and view unencrypted network communication. An attacker could exploit another vulnerability to access the device without any prior authorization by sending a specially crafted HTTP request.
That’s it for today. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.