Security News

Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws
2023-03-14 17:29

Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. This month's Patch Tuesday fixes two zero-day vulnerabilities actively exploited in attacks.

Week in review: Public MS Word RCE PoC, API exploitation, Patch Tuesday forecast
2023-03-12 09:30

Veeam Backup & Replication admins, get patching!Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. Fortinet plugs critical RCE hole in FortiOS, FortiProxyFortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.

March 2023 Patch Tuesday forecast: It’s not about luck
2023-03-10 07:28

Every month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday. March 2023 Patch Tuesday forecast The February release was small in terms of CVEs addressed as predicted with only 33 in Windows 11 and Server 2012, and 36 in Windows 10.

Exploit released for critical Fortinet RCE flaw, patch now
2023-02-21 18:21

Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability in Fortinet's FortiNAC network access control suite. Proof-of-concept exploit code is also available from the company's repository on GitHub.

Exploit released for critical Fortinet RCE flaws, patch now
2023-02-21 18:21

Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability in Fortinet's FortiNAC network access control suite. Proof-of-concept exploit code is also available from the company's repository on GitHub.

Week in review: Microsoft, Apple patch exploited zero-days, tips for getting hired in cybersecurity
2023-02-19 09:03

Get hired in cybersecurity: Expert tips for job seekersIn this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand. Admins, patch your Cisco enterprise security solutions!Cisco has released security updates for several of its enterprise security and networking products.

Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)
2023-02-17 12:47

A critical vulnerability in the ClamAV scanning library used by its Secure Endpoint, Secure Endpoint Private Cloud, and Secure Web Appliance, and. High-risk vulnerabilities affecting Email Security Appliance and Cisco Secure Email and Web Manager, proof-of-concept exploit code for which is already available.

Hyundai, Kia patch bug allowing car thefts with a USB cable
2023-02-15 18:11

Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them."In response to increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices in the United States, Hyundai is introducing a free anti-theft software upgrade to prevent the vehicles from starting during a method of theft popularized on TikTok and other social media channels," reads Hyundai's announcement.

Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
2023-02-14 22:12

We counted 75 CVE-numbered bugs dated 2023-02-14, given that this year's February updates arrived on Valentine's Day. We extracted a list and included it below, sorted so that the bugs dubbed Critical are at the top.

Apple fixes zero-day spyware implant bug – patch now!
2023-02-14 19:08

Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems. Apparently, tvOS recently received a product-specific functionality fix that already used up the version number 16.3.1 for Apple TVs. As we've seen before, mobile devices still using iOS 15 and iOS 12 get nothing, but whether that's because they're immune to this bug or simply that Apple hasn't got round to patching them yet.