Industries: Retail

What You Need to Know: Over the Fourth of July weekend, Google released a patch for a high-severity zero-day Chrome vulnerability. The vulnerability is being exploited in the wild and affects Google Chrome and other chromium-based browsers. The heap-based buffer overflow vulnerability is found in the WebRTC (Web-Real-Time Communications) component. The vulnerability is being tracked

What You Need to Know: A ransomware attack was deployed against an unnamed target, using Mitel’s VoIP appliance an entry point. CVE-2022-29499 is actively being used by attackers to achieve remote code execution and to gain initial access to their victim’s environment. The vulnerability is rated 9.8 in severity on the CVSS vulnerability scoring system.

What You Need to Know: Today, VMware issued patches for two security flaws discovered in Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerabilities are tracked as CVE-2022-22972 and CVE-2022-22973 and could be exploited to backdoor enterprise networks. The first vulnerability, CVE-2022-22972 has a critical CVSS score of 9.8 and is an authentication bypass

What You Need to Know: This week, ESET researchers discovered three new cyberattacks against Ukraine: HermeticWizard, HermeticRansom, and IsaacWiper. There is a new exploit, HermeticWizard, which spreads HermeticWiper across local networks via WMI and SMB. HermeticWizard is a worm that was deployed on a Ukrainian system on February 23, 2022. The malware starts by trying