Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.

Microsoft Patch Tuesday, March 2023 Edition

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Patch Tuesday, November 2020 Edition

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.

Microsoft Patch Tuesday, October 2020 Edition

It’s Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it’s once again time to back up and patch up.

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

Microsoft Patch Tuesday, Sept. 2020 Edition

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users.

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

An unpatched vulnerability in the web server of device firmware gives attackers root privileges, researchers said.

Netgear moves to plug vulnerability in routers after researchers find zero-day

A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks. Researchers say the flaw in routers made by Netgear — revealed this week by cybersecurity company GRIMM and Trend Micro’s Zero Day Initiative (ZDI) — underscores the long-running challenge of improving security in a market that prizes affordable and functional networking equipment. Netgear told CyberScoop on Wednesday that it was close to releasing a patch for the vulnerability. The flaw affects how Netgear devices handle incoming data and could let hackers who manage to connect to the router bypass its authentication process using a software exploit. The router could then be a pathway to other devices, such as a laptop housing sensitive work information. (Breaking into the laptop would likely require an additional exploit.) The findings show how the potential impact of a bug can grow as investigations proceed. Researchers initially singled out […]

The post Netgear moves to plug vulnerability in routers after researchers find zero-day appeared first on CyberScoop.
