Security News

Why is patch management so difficult to master?
2021-05-26 05:30

Each vendor, platform, and application has its own approach to patch management. These processes can alleviate patch management pitfalls, support staff, and up-level an organization's overall security posture.

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
2021-05-25 21:57

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location.

May Android security updates patch 4 zero-days exploited in the wild
2021-05-19 16:53

According to info provided by Google's Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month. Attacks attempting to exploit these flaws were targeted and impacted a limited number of users based on information shared after this month's Android security updates were published.

When exploit code precedes a patch, attackers gain a massive head start
2021-05-14 03:30

The research found that when exploit code disclosure precedes a patch, attackers gain a 98-day advantage over defenders - that is, attackers deploy the exploit against more assets than defenders can mitigate for more than three months. The release of exploit code also drives a massive volume of exploits.

May 2021 Patch Tuesday: Adobe fixes exploited Reader 0-day, Microsoft patches 55 holes
2021-05-12 08:40

Adobe has fixed a Reader flaw exploited in attacks in the wild, as well as delivered security updates for eleven other products, including Magento, Adobe InDesign, Adobe After Effects, Adobe Creative Cloud Desktop Application, and others. Microsoft has plugged 55 security holes, none actively exploited.

Latest Microsoft Windows Updates Patch Dozens of Security Flaws
2021-05-12 02:15

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Another vulnerability of note is a remote code execution flaw in Hyper-V, which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9.

Microsoft Patch Tuesday, May 2021 Edition
2021-05-11 20:28

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Kevin Breen from Immersive Labs said the fact that this one is just 0.2 points away from a perfect 10 CVSS score should be enough to identify just how important it is to patch.

Microsoft Patch Tuesday: 55 Vulnerabilities, 4 Critical, 3 Publicly Known
2021-05-11 18:45

Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks. Microsoft on Tuesday shipped another massive Patch Tuesday bundle with cover for at least 55 documented security vulnerabilities affecting products in the Windows ecosystem.

Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days
2021-05-11 17:28

Today is Microsoft's May 2021 Patch Tuesday, and with it comes three zero-day vulnerabilities, so Windows admins will be rushing to apply updates. With today's update, Microsoft has fixed 55 vulnerabilities, with four classified as Critical, 50 as Important, and one as Moderate.

Week in review: Patch Tuesday forecast, how to select a DLP solution, is it OK to publish PoC exploits?
2021-05-09 08:00

Apple fixes four zero-days under attackA week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that "May have been actively exploited". Users increasingly putting password security best practices into playWhile there is awareness of password security best practices, there is still work to be done to put that awareness to full use, a Bitwarden survey reveals.