Huge Flaws Affect Nearly Every Modern Device; Patch Could Hit CPU Performance

UPDATE: Researchers have finally disclosed complete technical details of two kernel side-channel attacks, Meltdown and Spectre—which affect not only Intel but also systems and devices running AMD and ARM processors—allowing attackers to steal sensitive da…

Yet Another WordPress Extension Changes Owner and Gets Backdoored

A WordPress plug-in called Captcha with more than 300,000 active installations contained a backdoor that allowed its maintainer to gain unauthorized administrative access to other people’s websites. The plug-in was apparently backdoored after its…

Oracle Patches Critical Vulnerabilities in PeopleSoft Applications

Oracle has released out-of-band security patches for a component used by multiple ERP applications from its PeopleSoft suite. The updates fix five vulnerabilities, including two critical ones that can be exploited to access data from or completely comp…

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

You should be extra careful when opening files in MS Office.

While the world is still dealing with the threat of the ‘unpatched’ DDE feature built into Microsoft Office, researchers have uncovered a serious issue with another Office component that could al…

Adobe Releases Critical Security Patches for 9 Products

Adobe Systems has released security patches for nine of its products to fix 86 vulnerabilities, the majority of which are rated as critical and important. In addition to Flash Player, Reader and Acrobat, which are the usual recipients of Adobe’s security patches, the company has updated Photoshop CC, Adobe Connect, Adobe DNG Converter, InDesign, Digital..

The post Adobe Releases Critical Security Patches for 9 Products appeared first on Security Boulevard.


Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack

As part of its “October Patch Tuesday,” Microsoft has today released a large batch of security updates to patch a total of 62 vulnerabilities in its products, including a severe MS Office zero-day flaw that has been exploited in the wild.

Security upd…

Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks

“Always keep your operating system and software up-to-date.”

This is one of the most popular and critical pieces of advice that every security expert strongly recommends you follow to protect yourself from major cyber attacks.

However, even if you attempt to …

Adobe Patches Two Critical RCE Vulnerabilities in Flash Player

Adobe may kill Flash Player by the end of 2020, but until then, the company will not stop providing security updates to the buggy software.

As part of its monthly security updates, Adobe has released patches for eight security vulnerabilities in its three products, including two vulnerabilities in Flash Player, four in ColdFusion, and two in RoboHelp—five of these are rated as critical.


We’re running out of time with IoT security — here are some ways to fix it

The world is reeling from the large-scale WannaCry ransomware attack. Over 350,000 machines in 150 countries were hit in a single weekend: the UK National Health Service, French car maker Renault, Portugal Telecom, FedEx, Deutsche Bahn rail, Russian rail, the National Bank of China, and many others were forced to cancel services as the attack froze computers across their sites, encrypted their data and demanded bitcoin as ransom. WannaCry is believed to be the biggest ransomware attack in history, but it’s only the beginning. Expect to see a lot more of this in the future. Expect to be one of the victims. Cyberattacks against hospitals and public transportation are extremely serious, but the growing “Internet of Things” is making everything much worse. “IoT” means simply, “runs on software” and “connected to the internet.” And that, as any security expert will tell you, means vulnerable to a remote attack. If not now, then […]

The post We’re running out of time with IoT security — here are some ways to fix it appeared first on Cyberscoop.


Sen. Warner wants action on WannaCry patching from DHS, OMB

Democratic Sen. Mark Warner has written to federal officials asking for details about how agencies patched their systems to protect them against the fast-spreading WannaCry ransomware. White House homeland security adviser Thomas Bossert told reporters during the daily briefing Monday that no federal systems had been infected, but Warner noted in his letter that despite a National Institute of Standards and Technology recommendation that security-related software updates “be installed within a defined timeframe (in many cases seven to 30 days for critical patches),” the Government Accountability Office last year found “numerous instances where agencies failed to comply with those deadlines.” Microsoft included a fix for the vulnerability in a regularly scheduled patch in mid-March. Over the weekend, the company took the unprecedented step of releasing a patch for several discontinued but still widely used software products, including Windows XP. In the letter, released Monday afternoon, the Virginia senator asks Homeland Security Secretary John Kelly and Office of […]

The post Sen. Warner wants action on WannaCry patching from DHS, OMB appeared first on Cyberscoop.
