[NCSC-FI News] CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog

CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers
After installing May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services, such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

Source: Read More (NCSC-FI daily news followup)

You might be interested in …

[SecurityWeek] Russian Man Extradited to U.S. for Role in TrickBot Malware Development

All posts, Security Week

A Russian national has been extradited from South Korea to the United States to face charges for his alleged role in the cybercriminal organization behind the TrickBot malware. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[SecurityWeek] Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits

All posts, Security Week

A secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ThreatPost] Windows EoP Bug Detailed by Google Project Zero

All posts, ThreatPost

Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention. Source: Read More (Threatpost)

Read More