Your daily dose of tech news, in brief.
We made it to Friday! And not just any Friday, but the last one before SpiceWorld 2022!
While not necessarily directly related to the IT industry, a fun fact is that back on September 23, 1962, the futuristic family cartoon "The Jetsons" first debuted. It was set 100 years in the future in the year 2062. Now that we're over halfway there, it's surprising that many of the technologies they predicted in the cartoon are already a reality, such as video calls, robotic vacuums, tablet computers, smartwatches, and flat-screen TVs.You need to hear this. CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical Java deserialization bug affecting multiple Zoho ManageEngine products to its Known Exploited Vulnerabilities (KEV) catalog and warned that the flaw has been actively exploited in attacks.
According to The Hacker News:
""Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency said in a notice.
The critical vulnerability, tracked as CVE-2022-35405, is rated 9.8 out of 10 for severity on the CVSS scoring system, and was patched by Zoho as part of updates released on June 24, 2022.
Although the exact nature of the flaw remains unknown, the India-based enterprise solutions company said it addressed the issue by removing the vulnerable components that could lead to the remote execution of arbitrary code.
Zoho has also warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability, making it imperative that customers move quickly to upgrade the instances of Password Manager Pro, PAM360 and Access Manager Plus as soon as possible."
Microsoft warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants in an effort to seize control of Exchange servers and spread spam.
According to BleepingComputer:
"The attacker then used this inbound connector and transport rules designed to help evade detection to deliver phishing emails through the compromised Exchange servers.
The threat actors deleted the malicious inbound connector and all the transport rules between spam campaigns as an additional defense evasion measure.
In contrast, the OAuth application remained dormant for months between attacks until it was used again to add new connectors and rules before the next wave of attacks.
These email campaigns were triggered from Amazon SES and Mail Chimp email infrastructure commonly used to send marketing emails in bulk."
Microsoft shares workarounds for Windows Group Policy issues
I know many (MANY) of our members use Group Policies, so I wanted to make sure we highlighted this one as it goes over some of the workarounds to issues introduced in the latest Patch Tuesday.
According to BleepingComputer:
""Known affected Group Policy Objects are related to files and shortcuts in User Configuration -> Preferences -> Windows Settings in Group Policy Editor."
The list of affected platforms includes client (from Windows 8.1 up to Windows 11 22H2) and server releases (from Windows Server 2008 SP2 and up to Windows Server 2022).
Microsoft acknowledged the issue following a stream of Windows admin reports across multiple social networks and on Microsoft's online community regarding issues with Group Policy settings after deploying September 2022 Patch Tuesday updates.
At the time, some of the affected admins suggested a radical fix requiring manually uninstalling and hiding the offending cumulative updates. Unfortunately, this would also remove all fixes for recently patched security vulnerabilities.
However, multiple admins have also reported that un-checking the "Run in user security context" option on the affected GPOs will help address the file copying and shortcut creation problems."
Water has been found in an asteroid sample collected by Japan's Hayabusa-2 space probe, marking the first such discovery and shedding light on how the Earth's oceans may have formed.
According to The Guardian:
"Specks of dust that a Japanese space probe retrieved from an asteroid about 186 million miles (300m kilometres) from Earth have revealed a surprising component: a drop of water.
The discovery offers new support for the theory that life on Earth may have been seeded from outer space."
NASA gears up to deflect asteroid, in key test of planetary defense
I imagine we'll hear more about this early next week after the Double Asteroid Redirection Test (DART) spaceship crashes into the Dimorphos asteroid. But, this is a good article to give you a bit more background on it all.
According to SpaceDaily:
"Bet the dinosaurs wish they'd thought of this.
NASA on Monday will attempt a feat humanity has never before accomplished: deliberately smacking a spacecraft into an asteroid to slightly deflect its orbit, in a key test of our ability to stop cosmic objects from devastating life on Earth.
The Double Asteroid Redirection Test (DART) spaceship launched from California last November and is fast approaching its target, which it will strike at roughly 14,000 miles per hour (23,000 kph).
To be sure, neither the asteroid moonlet Dimorphos, nor the big brother it orbits, called Didymos, pose any threat as the pair loop the Sun, passing some seven million miles from Earth at nearest approach."
The FDA cautions that the practice of misusing nonprescription drugs as part of social media challenges is unsafe.
According to TechCrunch:
"It’s about time that we learn the difference between what’s a viral trend and what’s just one person posting a meme that goes viral.
For the sake of humanity, let’s count our lucky stars: NyQuil chicken is not a real threat to public health. But this week, the FDA issued a warning about what the agency perceived as a TikTok challenge encouraging users to cook raw chicken in a pool of NyQuil, a sleep-inducing cold medicine."
This one felt a bit clickbaity... but it worked because I did click on it. Granted, this is a serious issue for those who attempt to do such a thing. Luckily, I believe members of our community would think twice and do their homework before even considering doing such a thing.
Reading the email notification for this and you want to chat with others? Go directly to this Snap!'s community topic and join in on the conversation.