Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
Apple didn’t use the words “Triangulation Trojan”, but you probably will. Continue reading Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation… Continue reading VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)
“Do as we say, not as we do!” – The patches took ages to come out, but don’t let that lure you into taking ages to install them. Continue reading ASUS warns router customers: Patch now, or block all inbound requests
Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” Akamai’s research team and Ben Barnea, the researcher who’s cred… Continue reading Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)
A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says it is and could be easily exploited by unauthenticated remote attackers to a… Continue reading Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)
Just when we’d got used to three-numbered versions, such as “13.3.1”, here comes an update suffix, bringing you “13.3.1 (a)”… Continue reading Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused
Wouldn’t it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
Continue reading Double zero-day in Chrome and Edge – check your versions now!
The emergency ditching of an Australian military helicopter in the water just off a beach in New South Wales has been blamed on the failure to apply a software patch.
Read more in my article on the Hot for Security blog. Continue reading Army helicopter crash blamed on skipped software patch
Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customers to implement the fix as soon as possible. About CVE-2023-27532 The nature of CVE-2023-27532 has… Continue reading Veeam Backup & Replication admins, get patching! (CVE-2023-27532)
Cisco has released security updates for several of its enterprise security and networking products, fixing (among other things): A critical vulnerability (CVE-2023-20032) in the ClamAV scanning library used by its Secure Endpoint, Secure Endpoint Priva… Continue reading Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)