Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one (CVE-2023-21549) that’s been publicly disclosed. Both allow attackers to elev… Continue reading Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

Patch Tuesday, November 2022 Election Edition

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild. Continue reading Patch Tuesday, November 2022 Election Edition

Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities. Fixes to prioritize CVE-2022-41… Continue reading Microsoft fixes many zero-days under attack

Microsoft Patch Tuesday, October 2022 Edition

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server. Continue reading Microsoft Patch Tuesday, October 2022 Edition

Adaptive Shield and Tenable joint solution helps organizations protect their SaaS stack

Adaptive Shield has joined forces with Tenable, to provide a consolidated posture management solution that correlates the risk of SaaS users and their endpoints. While SaaS providers build in security features, it is the company’s responsibility to cov… Continue reading Adaptive Shield and Tenable joint solution helps organizations protect their SaaS stack

Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)

September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day (CVE-2022-37969) exploited by attackers. About CVE-2022-37969 CVE-2022-37969 is an elevation of privilege vulnera… Continue reading Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)

Black Hat USA 2022 video walkthrough

In this Help Net Security video, we take you inside Black Hat USA 2022 at the Mandalay Bay Convention Center in Las Vegas. The video features the following vendors: Abnormal Security, Adaptive Shield, Airgap, Akamai, Anomali, Arctic Wolf Networks, Aris… Continue reading Black Hat USA 2022 video walkthrough

Microsoft fixes exploited zero-day in Windows Support Diagnostic Tool (CVE-2022-34713)

The August 2022 Patch Tuesday has arrived, with fixes for an unexpectedly high number of vulnerabilities in various Microsoft products, including two zero-days: one actively exploited (CVE-2022-34713) and one not yet (CVE-2022-30134). Vulnerabilities t… Continue reading Microsoft fixes exploited zero-day in Windows Support Diagnostic Tool (CVE-2022-34713)

VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)

VMware has released fixes for ten vulnerabilities, including CVE-2022-31656, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation, which the company considers critical and advises to pat… Continue reading VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)