Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Dropbox

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

It’s the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild.

Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20 elevation of privilege vulnerabilities. The updates also follow fixes for 26 vulnerabilities in its Edge browser that were released over the past month.

The security flaw that’s come under active exploitation is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation bug in the Windows Common Log File System (CLFS) Driver.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the issue.

Microsoft angers admins as April Patch Tuesday delivers password feature without migration guidance

Microsoft’s April 2023 Patch Tuesday delivered not just the usual score of security fixes for Windows admins, but also a new feature that has attracted criticism from the IT community.

The Windows 11 22H2 KB5025239 cumulative update, among other fixes and features, delivers the new Windows Local Administrator Password Solution (LAPS) to IT teams managing both on-prem and cloud environments.

Microsoft LAPS manages and backs up local admin account passwords on Azure Active Directory-joined devices.

It’s seen as one of the most secure ways to ensure unauthorized users aren’t able to access things they’re not supposed to.

Lawsuit concerning HP’s “fraudulent” printing supply sales resurrected following appeal

A lawsuit against HP alleging the company defrauded investors is set to continue after a US appeals court reversed a ruling which dismissed the case.

The case was previously dismissed amid claims that complainants had filed a legal challenge too late.

However, the 9th US Circuit Court of Appeals overturned the decision on Tuesday, potentially paving the way for a renewed challenge.

Complainants in the case argue that HP misled shareholders by making “fraudulent statements” about its printing supplies business in 2015 and 2016.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.