Connect with us


Microsoft patches 71 security vulnerabilities, 3 critical • The Register

Patch Tuesday Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update. The IT giant is confident none of the bugs have been actively exploited. 

One of those critical RCEs is in Microsoft Exchange Server, and labeled CVE-2022-23277. It can be exploited by an authenticated user to “trigger malicious code in the context of the server’s account through a network call,” said Redmond.

Yes, an attacker needs to be authenticated, though Sophos Lab threat researcher Christopher Budd noted: “Given what we’ve seen recently around attacks against Exchange vulnerabilities, the critical severity rating and the nature of the vulnerability makes this an issue that should be patched as soon as possible.”

The other two critical RCEs affect Microsoft’s Video Extensions products. One, CVE-2022-24501, exists in the VP9 Video Extensions app available on the Microsoft Store. An attacker could exploit this flaw by convincing a user to open a malicious video file, which would cause code stashed within the footage to execute on the victim’s machine. Microsoft will automatically update — and patch — affected customers.

Similarly, CVE-2022-22006, is an HEVC Video Extensions remote code execution vulnerability that could be exploited the same way. Microsoft also pushed an automatic patch for this app.

Microsoft also issued fixes for several other products including Office, Windows, Internet Explorer, Defender, and Azure Site Recovery. Dustin Childs at the Zero Day Initiative highlighted a number of vulnerabilities, such as:

  • CVE-2022-21990: Remote-code execution, non-critical. It’s possible to hijack a PC via its RDP client when connecting to a malicious server. Details of this flaw are public, and Childs said this bug should be treated as critical.
  • CVE-2022-24508: Remote-code execution, non-critical. An authenticated user can execute malicious code on Windows 10 version 2004 and newer systems via SMBv3. “This is another one I would treat as critical and mitigate quickly,” said Childs.
  • CVE-2022-24512: Remote-code execution, non-critical. This is in .NET and Visual Studio, and details of the bug are public.
  • And a ton of elevation-of-privilege flaws, particularly CVE-2022-24459 in the Windows Fax and Scan Service of which details are public; CVE-2022-21967 in the Xbox Live Auth Manager for Windows; and CVE-2022-23266 in Defender for IoT (which also has an RCE, CVE-2022-23265.)

Test Microsoft’s patches as necessary, and deploy them as soon as you are able to avoid exploitation.

And the rest

In addition to Microsoft’s relatively light Patch Tuesday, Adobe issued three security updates for Photoshop and rated all of them “priority 3,” its lowest-level ranking bestowed on holes in products that have “historically not been a target for attackers.”

SAP’s March patch day proved slightly more exciting with 17 new and updated security notes. Most of the critical fixes are still Log4j patches. 

SAP Security Note #3154684, which received a perfect 10.0 CVSS score, is one of these Log4j patches. It affects on-premises versions of the SAP Work Manager and SAP Inventory app, both of which run on the SAP Mobile Platform.

Additionally, SAP Security Note #3145987, with a CVSS score of 9.3, patches a missing authentication vulnerability in the SAP Simple Diagnostics Agent. Onapsis Research Labs detected this critical vulnerability, which could allow an attacker to access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.

“The only thing that prevents it from being tagged with a CVSS score of 10 is that, for a successful exploit to occur, local OS access to the SAP Focused Run system — or to one of the managed systems — is required,” according to the threat researchers. “However, a successful exploit can lead to a complete compromise of the affected system.” 

Meanwhile, Cisco patched three flaws — one critical, one high, and one medium impact — but said it’s not aware of any of these being actively exploited. 

CVE-2021-1577 is a critical vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller and Cisco Cloud Application Policy Infrastructure Controller. This flaw could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system.

The second “high impact” vulnerability, CVE-2021-1579, affects the same two Cisco products. It could allow an authenticated, remote attacker with administrator read-only credentials to elevate privileges on an affected system.

Intel has patched two issues in its products: CVE-2021-33150 in Trace Hub, which can be exploited to achieve elevation of privilege; and CVE-2022-0001 and CVE-2022-0002, which can be potentially exploited by software to leak information via the processor’s branch predictor.

Similarly, we’ve spotted AMD is addressing an issue in its processor families in which chips “may transiently execute instructions following an unconditional direct branch that may result in detectable cache activity.” In other words, another Spectre-Meltdown-style data-leaking side-channel via the cache. This is tracked as CVE-2021-26341 and explained in detail, here.

And finally Google announced details about a slew of flaws affecting Android devices in its March security bulletin. The vendor said it will issue source code patches for these vulnerabilities to the Android Open Source Project (AOSP) repository in the next 48 hours.

The most severe Android flaw is a critical security vulnerability in the system component that could lead to remote escalation of privilege with no additional execution privileges or user interaction needed. There’s no sign that kernel privilege-escalation flaw CVE-2022-0847, aka Dirty Pipe, has been addressed, we note. Many Android devices aren’t likely to be vulnerable, anyway, as the bug is present in Linux kernel versions 5.8 and higher. ®

Source link


Top 10 Florida Cities Dominate The Business Startup Landscape In The U.S.

Top 10 Florida Cities And Business Startup Landscape In The U.S.

The Voice Of EU | Florida emerges as a hub for entrepreneurial endeavors, with its vibrant business landscape and conducive environment for startups. Renowned for its low corporate tax rates and a high concentration of investors, the Sunshine State beckons aspiring entrepreneurs seeking fertile grounds to launch and grow their businesses.

In a recent report by WalletHub, Florida cities dominate the list of the top 10 best destinations for business startups, showcasing their resilience and economic vitality amidst challenging times.

From Orlando’s thriving market to Miami’s dynamic ecosystem, each city offers unique advantages and opportunities for entrepreneurial success. Let’s delve into the chronologically listed cities that exemplify Florida’s prominence in the business startup arena.

1. Orlando Leads the Way: Orlando emerges as the most attractive market in the U.S. for business startups, with a remarkable surge in small business establishments. WalletHub’s latest report highlights Orlando’s robust ecosystem, fostering the survival and growth of startups, buoyed by a high concentration of investors per capita.

2. Tampa Takes Second Place: Securing the second spot among large cities for business startups, Tampa boasts a favorable business environment attributed to its low corporate tax rates. The city’s ample investor presence further fortifies startups, providing essential resources for navigating the initial years of business operations.

3. Charlotte’s Diverse Industries: Claiming the third position, Charlotte stands out for its diverse industrial landscape and exceptionally low corporate taxes, enticing companies to reinvest capital. This conducive environment propels entrepreneurial endeavors, contributing to sustained economic growth.

4. Jacksonville’s Rising Profile: Jacksonville emerges as a promising destination for startups, bolstered by its favorable business climate. The city’s strategic positioning fosters entrepreneurial ventures, attracting aspiring business owners seeking growth opportunities.

5. Miami’s Entrepreneurial Hub: Miami solidifies its position as a thriving entrepreneurial hub, attracting businesses with its dynamic ecosystem and strategic location. The city’s vibrant startup culture and supportive infrastructure make it an appealing destination for ventures of all sizes.

6. Atlanta’s Economic Momentum: Atlanta’s ascent in the business startup landscape underscores its economic momentum and favorable business conditions. The city’s strategic advantages and conducive policies provide a fertile ground for entrepreneurial ventures to flourish.

7. Fort Worth’s Business-Friendly Environment: Fort Worth emerges as a prime destination for startups, offering a business-friendly environment characterized by low corporate taxes. The city’s supportive ecosystem and strategic initiatives facilitate the growth and success of new ventures.

8. Austin’s Innovation Hub: Austin cements its status as an innovation hub, attracting startups with its vibrant entrepreneurial community and progressive policies. The city’s robust infrastructure and access to capital foster a conducive environment for business growth and innovation.

9. Durham’s Emerging Entrepreneurship Scene: Durham’s burgeoning entrepreneurship scene positions it as a promising destination for startups, fueled by its supportive ecosystem and strategic initiatives. The city’s collaborative culture and access to resources contribute to the success of new ventures.

10. St. Petersburg’s Thriving Business Community: St. Petersburg rounds off the top 10 with its thriving business community and supportive ecosystem for startups. The city’s strategic advantages and favorable business climate make it an attractive destination for entrepreneurial endeavors.

Despite unprecedented challenges posed by the COVID-19 pandemic, the Great Resignation, and high inflation, these top Florida cities remain resilient and well-equipped to overcome obstacles, offering promising opportunities for business owners and entrepreneurs alike.

Continue Reading


European Startup Ecosystems Awash With Gulf Investment – Here Are Some Of The Top Investors

European Startup Ecosystem Getting Flooded With Gulf Investments

The Voice Of EU | In recent years, European entrepreneurs seeking capital infusion have widened their horizons beyond the traditional American investors, increasingly turning their gaze towards the lucrative investment landscape of the Gulf region. With substantial capital reservoirs nestled within sovereign wealth funds and corporate venture capital entities, Gulf nations have emerged as compelling investors for European startups and scaleups.

According to comprehensive data from Dealroom, the influx of investment from Gulf countries into European startups soared to a staggering $3 billion in 2023, marking a remarkable 5x surge from the $627 million recorded in 2018.

This substantial injection of capital, accounting for approximately 5% of the total funding raised in the region, underscores the growing prominence of Gulf investors in European markets.

Particularly noteworthy is the significant support extended to growth-stage companies, with over two-thirds of Gulf investments in 2023 being directed towards funding rounds exceeding $100 million. This influx of capital provides a welcome boost to European companies grappling with the challenge of securing well-capitalized investors locally.

Delving deeper into the landscape, Sifted has identified the most active Gulf investors in European startups over the past two years.

Leading the pack is Aramco Ventures, headquartered in Dhahran, Saudi Arabia. Bolstered by a substantial commitment, Aramco Ventures boasts a $1.5 billion sustainability fund, alongside an additional $4 billion allocated to its venture capital arm, positioning it as a formidable player with a total investment capacity of $7 billion by 2027. With a notable presence in 17 funding rounds, Aramco Ventures has strategically invested in ventures such as Carbon Clean Solutions and ANYbotics, aligning with its focus on businesses that offer strategic value.

Following closely is Mubadala Capital, headquartered in Abu Dhabi, UAE, with an impressive tally of 13 investments in European startups over the past two years. Backed by the sovereign wealth fund Mubadala Investment Company, Mubadala Capital’s diverse investment portfolio spans private equity, venture capital, and alternative solutions. Notable investments include Klarna, TIER, and Juni, reflecting its global investment strategy across various sectors.

Ventura Capital, based in Dubai, UAE, secured its position as a key player with nine investments in European startups. With a presence in Dubai, London, and Tokyo, Ventura Capital boasts an international network of limited partners and a sector-agnostic investment approach, contributing to its noteworthy investments in companies such as Coursera and Spotify.

Qatar Investment Authority, headquartered in Doha, Qatar, has made significant inroads into the European startup ecosystem with six notable investments. As the sovereign wealth fund of Qatar, QIA’s diversified portfolio spans private and public equity, infrastructure, and real estate, with strategic investments in tech startups across healthcare, consumer, and industrial sectors.

MetaVision Dubai, a newcomer to the scene, has swiftly garnered attention with six investments in European startups. Focusing on seed to Series A startups in the metaverse and Web3 space, MetaVision raised an undisclosed fund in 2022, affirming its commitment to emerging technologies and innovative ventures.

Investcorp, headquartered in Manama, Bahrain, has solidified its presence with six investments in European startups. With a focus on mid-sized B2B businesses, Investcorp’s diverse investment strategies encompass private equity, real estate, infrastructure, and credit management, contributing to its notable investments in companies such as Terra Quantum and TruKKer.

Chimera Capital, based in Abu Dhabi, UAE, rounds off the list with four strategic investments in European startups. As part of a prominent business conglomerate, Chimera Capital leverages its global reach and sector-agnostic approach to drive investments in ventures such as CMR Surgical and Neat Burger.

In conclusion, the burgeoning influx of capital from Gulf investors into European startups underscores the region’s growing appeal as a vibrant hub for innovation and entrepreneurship. With key players such as Aramco Ventures, Mubadala Capital, and Ventura Capital leading the charge, European startups are poised to benefit from the strategic investments and partnerships forged with Gulf investors, propelling them towards sustained growth and success in the global market landscape.

We Can’t Thank You Enough For Your Support!

— By Darren Wilson, Team

— Contact us:

— Anonymous submissions:

Continue Reading


China Reveals Lunar Mission: Sending ‘Taikonauts’ To The Moon From 2030 Onwards

China Reveals Lunar Mission

The Voice Of EU | In a bold stride towards lunar exploration, the Chinese Space Agency has unveiled its ambitious plans for a moon landing set to unfold in the 2030s. While exact timelines remain uncertain, this endeavor signals a potential resurgence of the historic space race reminiscent of the 1960s rivalry between the United States and the USSR.

China’s recent strides in lunar exploration include the deployment of three devices on the moon’s surface, coupled with the successful launch of the Queqiao-2 satellite. This satellite serves as a crucial communication link, bolstering connectivity between Earth and forthcoming missions to the moon’s far side and south pole.

Unlike the secretive approach of the Soviet Union in the past, China’s strategy leans towards transparency, albeit with a hint of mystery surrounding the finer details. Recent revelations showcase the naming and models of lunar spacecraft, steeped in cultural significance. The Mengzhou, translating to “dream ship,” will ferry three astronauts to and from the moon, while the Lanyue, meaning “embrace the moon,” will descend to the lunar surface.

Drawing inspiration from both Russian and American precedents, China’s lunar endeavor presents a novel approach. Unlike its predecessors, China will employ separate launches for the manned module and lunar lander due to the absence of colossal space shuttles. This modular approach bears semblance to SpaceX’s Falcon Heavy, reflecting a contemporary adaptation of past achievements.

Upon reaching lunar orbit, astronauts, known as “taikonauts” in Chinese, will rendezvous with the lunar lander, reminiscent of the Apollo program’s maneuvers. However, distinct engineering choices mark China’s departure from traditional lunar landing methods.

The Chinese lunar lander, while reminiscent of the Apollo Lunar Module, introduces novel features such as a single set of engines and potential reusability and advance technology. Unlike past missions where lunar modules were discarded, China’s design hints at the possibility of refueling and reuse, opening avenues for sustained lunar exploration.

China Reveals Lunar Mission: Sending 'Taikonauts' To The Moon From 2030 Onwards
A re-creation of the two Chinese spacecraft that will put ‘taikonauts’ on the moon.CSM

Despite these advancements, experts have flagged potential weaknesses, particularly regarding engine protection during landing. Nevertheless, China’s lunar aspirations remain steadfast, with plans for extensive testing and site selection underway.

Beyond planting flags and collecting rocks, China envisions establishing a permanent lunar base, the International Lunar Research Station (ILRS), ushering in a new era of international collaboration in space exploration.

While the Artemis agreements spearheaded by NASA have garnered global support, China’s lunar ambitions stand as a formidable contender in shaping the future of space exploration. In conclusion, China’s unveiling of its lunar ambitions not only marks a significant milestone in space exploration but also sets the stage for a new chapter in the ongoing saga of humanity’s quest for the cosmos. As nations vie for supremacy in space, collaboration and innovation emerge as the cornerstones of future lunar endeavors.

Continue Reading


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!