Security News

Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

First, we had a large set of updates on Patch Tuesday, then we had to work through the CrowdStrike event, and finally many of us had Azure outages due to Microsoft responding to a DDoS attack. The July 2024 Patch Tuesday release kept everyone busy with updates for Microsoft Windows, Office, SharePoint, SQL Server and.

Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items. Based on 1Password's description of the vulnerability, an attacker would need to develop and install a specific program on a victim's machine that targeted 1Password on Mac, either through social engineering or other means.

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885, an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.

Although endpoint anti-malware and other security controls are now standard at the operating system level, keeping all endpoint software up-to-date and secure remains an open issue for many organizations. Having worked with many enterprise security software, I noticed that established market players tend to accumulate substantial technical debt, which translates into bloated endpoints that spawn several processes and services bolted together as new functionalities get added, ultimately noticeably hitting endpoint performance and hampering employee productivity.

Livne explains the role of effective patch management in minimizing business risk and maintaining strong cybersecurity. Can you speak to the importance of a good patch management strategy in reducing business risk?

Coupled with an exploding ecosystem of third-party apps, endpoint management tools that aren't really designed to handle patch management, bandwidth issues, and architectural challenges, IT teams have "An overwhelming amount of work to do," Hewitt told us. Endpoint management biz Adaptiva revealed in its 2023 state of patch handling report [PDF] that the average organization manages around 2,900 software applications, and 69 percent of IT teams believe it's impossible to get all of them patched on schedule.

Not now, Microsoft Some Windows devices are presenting users with a BitLocker recovery screen upon reboot following the installation of July's Patch Tuesday update.…

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue," the Apache Software Foundation noted in late April 2024.

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw impacts the XR1000 Nighthawk gaming router.