Security News

Microsoft Patch Tuesday, April 2021 Edition
2021-04-13 23:12

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server - the same systems that have been besieged by attacks on four separate bugs in the email software over the past month.

CISA gives federal agencies until Friday to patch Exchange servers
2021-04-13 21:59

The US Cybersecurity and Infrastructure Security Agency has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first.

NSA discovers critical Exchange Server vulnerabilities, patch now
2021-04-13 19:15

Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. The flaws affect on-premise Exchange Server versions 2013 through 2019 and while there is no evidence of being exploited in the wild, Microsoft assesses that threat actors are likely to leverage them as soon as they create an exploit.

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws
2021-04-13 18:26

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. The four new Exchange Server vulnerabilities were fixed as part of this month's Patch Tuesday bundle and because of the severity of these issues, Microsoft has joined with the U.S. National Security Agency to urge the immediate deployment of the new fixes.

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days
2021-04-13 17:39

Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. With today's update, Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important.

Week in review: SAP apps under attack, Zero Trust creator talks, Patch Tuesday forecast
2021-04-11 08:10

SAP applications are getting compromised by skilled attackersNewly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. MindAPI makes API security research and testing easierSecurity researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier.

April 2021 Patch Tuesday forecast: Security best practices
2021-04-09 05:26

March kept us all very busy with the ongoing out-of-band Microsoft updates for Exchange Server and the printing BSODs, which plagued us since last Patch Tuesday. The Forum of Incident Response and Security Teams is an international organization that provides best practices and assistance when dealing with a security incident.

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
2021-04-09 04:56

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, remote attacker to execute arbitrary code on an affected appliance.

Sitting comfortably? Then it's probably time to patch, as critical flaw uncovered in npm's netmask package
2021-03-29 18:27

The widely used npm library netmask has a networking vulnerability arising from how it parses IP addresses with a leading zero, leaving an estimated 278,000 projects at risk. Researchers Victor Viale, Sick Codes, Kelly Kaoudis, John Jackson, and Nick Sahler have disclosed a digital nasty, tracked as CVE-2021-28918, in the hugely widespread netmask npm package.

Patch alert for Apple fans: Cybercrooks have already been exploiting this flaw in iPhones, iPads, and watches
2021-03-29 10:27

Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google. According to Apple, the flaw allows for the creation of "Maliciously crafted web content," which "May lead to universal cross-site scripting." Apple has heard that the code snafu "May have been actively exploited."