Cyber Security Today, Feb. 14, 2022 – Critical vulnerabilities in Adobe Commerce and Magento, Microsoft ups Windows security and bugs found in Moxa MXview

Critical vulnerabilities in Adobe Commerce and Magento, Microsoft ups Windows security and bugs found in Moxa MXview.

Welcome to Cyber Security Today. It’s Monday February 14th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

E-commerce administrators whose websites use Adobe Commerce or Magento are urged to install the latest updates to close a critical vulnerability. Successful exploitation could allow an attacker to run arbitrary code. Adobe said Sunday the vulnerability has been exploited in the wild “in very limited attacks.” Versions above Adobe Commerce 2.3.3 are affected.

Windows administrators should know that Microsoft has quietly made a change to make it harder for hackers to steal usernames and passwords from the operating system. As reported by Bleeping Computer, a researcher noted that Microsoft changed a default Attack Surface Reduction rule to block credential-stealing in Defender. The default had been Not Configured. Now it will be Configured. This prevents a portion of memory that might have credentials from being captured by a hacker. The article says the solution is only good on systems running Microsoft Defender as the primary antivirus system.

Finally, network administrators using Moxa’s MXview network management software should install the latest security update. Researchers at Cisco Systems discovered two vulnerabilities in web version of the platform that could allow an attacker to sniff traffic and gain enough information to exploit the bug and view unencrypted network communication. An attacker could exploit another vulnerability to access the device without any prior authorization by sending a specially crafted HTTP request.

That’s it for today. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Sponsored By:

Cyber Security Today Podcast