…make sure that you check carefully before installing any on your systems: Malicious extension lets attackers control Google Chrome remotely (bleepingcomputer.com) Malicious extensions also exist for all the other browsers out there not just Google Chrome.
Yesterday was Patch Tuesday
It comes round every month – make sure your team has updated. Here is a link to Lawrence Abrams’ excellent roundup of the updates and patches from Microsoft at Bleeping Computer. It includes details of the zero-day vulnerabilities patched: Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws …
VMware – vulnerabilities in their remote-control software
There are many, many users of VMware, I use it, so any vulnerability is critical especially as the VMware is designed for controlling systems! VMware warns of three critical flaws in remote-control tool • The Register
CISA adds seven vulnerabilities to the Known Exploited Vulnerabilities Catalog
The US government Cybersecurity and Infrastructure Security Agency has issued security advisories for Microsoft and Samsung products: CISA Adds Seven Known Exploited Vulnerabilities to Catalog | CISA
More on multi-factor authentication
Last week I wrote about some of the issues with multi-factor authentication: On the same day that I published, The Register also ran an article looking at MFA issues. I am continuing my story next week, but Jeff Burt’s article is worth reading as the more you know about this …
