CVE-2022-41128

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Evil, pure and simple

North Korea has hit a new low, using the death of over 150 people to exploit a zero-day flaw in Internet Explorer. Google’s Threat Analysis Group on Wednesday spotted the flaw, CVE-2022-41128, an RCE bug in the JScript9 scripting language engine. Microsoft fixed it in November 2022’s patch dump. But Google says the North Korean government-backed actors known as APT37 created an exploit for the flaw and embedded it in a document titled ““221031 Seoul Yongsan Itaewon accident response situ...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources FTX Japan payment promise evaporates; VR/AR to boom across APAC; Google wins privacy case

Asia In Brief Australia's home affairs and cybersecurity minister Clare O'Neill has given the nation a goal of becoming the world's most cyber secure nation by 2030. "I believe that is possible. But we need a reset, and a pathway to get there," the minister said in a speech late last week, in which she described the 2030 goal as the hoped-for outcome of a new cyber security strategy the government will develop. The minister outlined four goals for that strategy: You want details? Sorry, hard to ...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus: Fixes from Intel, AMD, Citrix and more

Patch Tuesday November's Patch Tuesday also falls on election day in the US, so let's hope that democracy fares better than Microsoft, which reported six of today's bugs are already being exploited in the wild by miscreants. Another 22 vulnerabilities in the Windows giant's products have been labeled "more likely to be exploited" than not. Also, shockingly, Adobe skipped the monthly patch party. "Heads-up that Adobe does not have regularly scheduled updates planned for today," a spokesperson tol...