patching – WindowsTechs.com

Microsoft vulnerabilities: What’s improved, what’s at risk

Posted on April 17, 2025 by Help Net Security

Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulne… Continue reading Microsoft vulnerabilities: What’s improved, what’s at risk→

Best Sources to Track If a CVE Is Patched? [closed]

Posted on March 18, 2025 by Abuyv

I’m looking for a reliable source that tracks whether a new CVE has been patched by the vendor.
So far, I’ve found: Feedly, zero-day.cz, Github Advisory Database, IBM X-Force Exchange, Opensource Vulnerability DB
But these aren’t always co… Continue reading Best Sources to Track If a CVE Is Patched? [closed]→

Apple discloses zero-day vulnerability, releases emergency patches

Posted on March 11, 2025 by Greg Otto

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent […]

The post Apple discloses zero-day vulnerability, releases emergency patches appeared first on CyberScoop.

Continue reading Apple discloses zero-day vulnerability, releases emergency patches→

When you shouldn’t patch: Managing your risk factors

Posted on February 12, 2025 by Sue Poremba

Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before […]

The post When you shouldn’t patch: Managing your risk factors appeared first on Security Intelligence.

Continue reading When you shouldn’t patch: Managing your risk factors→

Best practices for ensuring a secure browsing environment

Posted on January 3, 2025 by Mirko Zorz

In this Help Net Security interview, Devin Ertel, CISO at Menlo Security, discusses how innovations like AI and closer collaboration between browser vendors and security providers will shape the future of browser security.
The post Best practices for e… Continue reading Best practices for ensuring a secure browsing environment→

The effect of compliance requirements on vulnerability management strategies

Posted on November 29, 2024 by Mirko Zorz

In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements … Continue reading The effect of compliance requirements on vulnerability management strategies→

Roger Grimes on Prioritizing Cybersecurity Advice

Posted on October 31, 2024 by Bruce Schneier

This is a good point:

Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations. They are all great recommendations, which if followed, will reduce risk in your environment.

What they do not tell you is which of the recommended things will have the most impact on best reducing risk in your environment. They do not tell you that one, two or three of these things…among the hundreds that have been given to you, will reduce more risk than all the others…

Continue reading Roger Grimes on Prioritizing Cybersecurity Advice→

Defenders must adapt to shrinking exploitation timelines

Posted on October 16, 2024 by Zeljka Zorz

A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that, in 2023, exploitatio… Continue reading Defenders must adapt to shrinking exploitation timelines→

Windows Server 2025 gets hotpatching option, without reboots

Posted on September 23, 2024 by Zeljka Zorz

Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows… Continue reading Windows Server 2025 gets hotpatching option, without reboots→

Legacy Ivanti Cloud Service Appliance Being Exploited

Posted on September 16, 2024 by Bruce Schneier

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported.
Welcome to the security nightmare that is the Internet of Things.
Continue reading Legacy Ivanti Cloud Service Appliance Being Exploited→