Critical vulnerabilities in Adobe Commerce and Magento, Microsoft tightens Windows security and bugs found in Moxa MXview.
Welcome to Cyber Security Today. Today is Monday, February 14. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
e-commerce administrators whose websites use Adobe Commerce or Magento are encouraged to install the latest updates to close a critical vulnerability. Successful exploitation could allow an attacker to execute arbitrary code. Adobe said on Sunday that the vulnerability had been exploited in the wild “in very limited attacks.” Versions greater than Adobe Commerce 2.3.3 are affected.
Windows administrators should know that Microsoft has quietly made a change to make it harder for hackers to steal operating system usernames and passwords. As reported by Bleeping Computer, a researcher noted that Microsoft changed a default attack surface reduction rule to block credential theft in Defender. The default was Not Configured. Now it will be configured. This prevents a portion of memory that might have credentials from being captured by a hacker. The article states that the solution is only good on systems running Microsoft Defender as the primary antivirus system.
Finally, Network administrators using Moxa’s MXview network management software should install the latest security update. Cisco Systems researchers found two vulnerabilities in the web version of the platform that could allow an attacker to sniff traffic and obtain enough information to exploit the bug and view unencrypted network communications. An attacker could exploit another vulnerability to gain access to the device without any prior authorization by sending a specially crafted HTTP request.
That’s all for today. Remember that links to podcast story details are in the text version on ITWorldCanada.com. This is where you will also find other stories of mine.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.