security update

Microsoft will offer extended security updates for Windows 10

Microsoft will offer extended security updates for Windows 10 06/12/2023 at 16:16 By Zeljka Zorz Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates (ESU), but will have to pay […]

React to this headline:

Loading spinner

Microsoft will offer extended security updates for Windows 10 Read More »

Qlik Sense flaws exploited in Cactus ransomware campaign

Qlik Sense flaws exploited in Cactus ransomware campaign 01/12/2023 at 15:18 By Helga Labus Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned. The exploited vulnerabilities Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations and

React to this headline:

Loading spinner

Qlik Sense flaws exploited in Cactus ransomware campaign Read More »

Critical Zyxel NAS vulnerabilities patched, update quickly!

Critical Zyxel NAS vulnerabilities patched, update quickly! 01/12/2023 at 14:33 By Zeljka Zorz Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is an improper

React to this headline:

Loading spinner

Critical Zyxel NAS vulnerabilities patched, update quickly! Read More »

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) 01/12/2023 at 12:33 By Zeljka Zorz With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read

React to this headline:

Loading spinner

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) Read More »

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) 29/11/2023 at 14:46 By Helga Labus Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild. About CVE-2023-6345 CVE-2023-6345, reported by Benoît Sevens and Clément Lecigne

React to this headline:

Loading spinner

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) Read More »

Why it’s the perfect time to reflect on your software update policy

Why it’s the perfect time to reflect on your software update policy 27/11/2023 at 08:04 By Help Net Security The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security controls and gain control of systems and applications. In fact,

React to this headline:

Loading spinner

Why it’s the perfect time to reflect on your software update policy Read More »

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) 09/11/2023 at 18:01 By Helga Labus A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s

React to this headline:

Loading spinner

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) Read More »

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604)

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) 02/11/2023 at 17:01 By Zeljka Zorz Ransomware-wielding attackers are trying to break into servers running outdated versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). “Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two

React to this headline:

Loading spinner

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) Read More »

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518)

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) 31/10/2023 at 13:16 By Zeljka Zorz Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability (CVE-2023-22518) that could lead to “significant data loss if exploited by an unauthenticated attacker.” About CVE-2023-22518 CVE-2023-22518

React to this headline:

Loading spinner

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) Read More »

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) 25/10/2023 at 13:47 By Helga Labus VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual

React to this headline:

Loading spinner

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) Read More »

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day 23/10/2023 at 13:04 By Zeljka Zorz Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several

React to this headline:

Loading spinner

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day Read More »

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) 18/10/2023 at 17:18 By Helga Labus A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security advisory, published on October 10, says that the vulnerability

React to this headline:

Loading spinner

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) Read More »

Valve introduces SMS-based confirmation to prevent malicious games on Steam

Valve introduces SMS-based confirmation to prevent malicious games on Steam 17/10/2023 at 16:32 By Helga Labus Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement Valve sent out notices last month to

React to this headline:

Loading spinner

Valve introduces SMS-based confirmation to prevent malicious games on Steam Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) 10/10/2023 at 22:01 By Zeljka Zorz On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could

React to this headline:

Loading spinner

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

React to this headline:

Loading spinner

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) 05/10/2023 at 16:17 By Zeljka Zorz A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability

React to this headline:

Loading spinner

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) Read More »

Apple patches another iOS zero-day under attack (CVE-2023-42824)

Apple patches another iOS zero-day under attack (CVE-2023-42824) 05/10/2023 at 13:47 By Helga Labus Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About the vulnerability (CVE-2023-42824) CVE-2023-42824 is a kernel vulnerability that could allow a local threat actor to elevate its privileges on

React to this headline:

Loading spinner

Apple patches another iOS zero-day under attack (CVE-2023-42824) Read More »

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) 05/10/2023 at 13:02 By Helga Labus Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited

React to this headline:

Loading spinner

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) Read More »

Qualcomm patches 3 actively exploited zero-days

Qualcomm patches 3 actively exploited zero-days 04/10/2023 at 16:46 By Helga Labus Qualcomm has fixed three actively exploited vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) in its Adreno GPU and Compute DSP drivers. Vulnerabilities exploited in Qualcomm GPU and DSP drivers The US-based semiconductor company has been notified by Google Threat Analysis Group and Google Project Zero that

React to this headline:

Loading spinner

Qualcomm patches 3 actively exploited zero-days Read More »

Buy Me A Coffee
Thank you for visiting!