Security News

Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws
2021-10-12 17:31

Today is Microsoft's October 2021 Patch Tuesday, and with it come fixes for four zero-day vulnerabilities and a total of 74 flaws. Microsoft has fixed 74 vulnerabilities with today's update, with three classified as Critical, 70 as Important, and one as Low.

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
2021-10-12 15:17

Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution zero-day vulnerability that's being actively exploited. Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now's a really good time to update your iOS device.

New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
2021-10-10 19:57

The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "Incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified, builds upon CVE-2021-41773, a flaw that impacted Apache web servers running version 2.4.49 and involved a path normalization bug that could enable an adversary to access and view arbitrary files stored on a vulnerable server.

Week in review: Electronic warfare, cybersecurity career plan, Patch Tuesday forecast
2021-10-10 08:00

Do you have a plan for your cybersecurity career? Time to skill up! Gerald Auger is a Managing Partner at Coastal Information Security Group, and Chief Content Creator at Simply Cyber. In this interview with Help Net Security, he talks about the cybersecurity skills shortage, the value of certification, as well as "Cybersecurity Career Master Plan", a book he co-authored.

Apache patch proves patchy – now you need to patch the patch
2021-10-08 18:21

If the first patch arrives too quickly, then it may not have been reviewed or tested quite as much as you might like. So it's not so much that the next patch in the queue catches up because the first one is too slow, but that the next one has to be completed in a rush to keep up.

October 2021 Patch Tuesday forecast: Halloween came early this year
2021-10-08 05:57

We'll need to watch closely to see which updates are released for the Finder vulnerability and if CVE-2021-30869 surfaces in any other versions of the operating system. Early indications show users having a smooth update from Windows 10.

Patch management complexity increased by remote work is putting organizations at risk
2021-10-08 04:30

57% of respondents stated that remote work has increased the complexity and scale of patch management. A patch for the vulnerability exploited by the ransomware had existed for several months before the initial attack, yet many organizations failed to implement it.

Apache emergency update fixes incomplete patch for exploited bug
2021-10-07 20:35

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability. On Tuesday, Apache released Apache HTTP 2.4.50 to fix an actively exploited path traversal vulnerability in version 2.4.49.

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!
2021-10-06 22:31

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday.

Apache web server zero-day bug is easy to exploit – patch now!
2021-10-06 18:29

The venerable Apache web server has just been updated to fix a dangerous remote code execution bug. This bug is already both widely-known and trivial to exploit, with examples now circulating freely on Twitter, and a single, innocent-looking web request aimed at your server could be enough for an attacker to take it over completely.