Security News

Was that November's Patch Tuesday? Already? Oh, no, it's just Adobe issuing 14 emergency security fixes
2020-11-04 06:28

Adobe on Tuesday published updated versions of its Acrobat and Reader software to fix fourteen flaws, four of which have been designated "Critical." These updates should be installed as soon as possible to close off their vulnerabilities. Adobe generally issues patches on "Patch Tuesday," a date observed by many tech companies that falls on the second Tuesday of every month.

Automation software slinger SaltStack warns of stop-watching-the-election-and-patch-now bugs
2020-11-04 02:45

SaltStack has officially revealed three bugs in its code - two of them seemingly critical - and told users: "We strongly recommend that you prioritize this update." But the biz appears to have known about the bugs for months and quietly patched them over the summer. SaltStack offers open-source, Python-based automation tools.

SaltStack reveals new critical vulnerabilities, patch now
2020-11-03 14:33

SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today. While the vulnerabilities were disclosed today, it is worth noting that fixes for all three vulnerabilities were committed and disclosed to GitHub much earlier.

Oracle issues emergency patch for critical WebLogic Server flaw
2020-11-02 14:06

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions. Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

AST TaaS 3.0 enables orgs to accelerate release, patch, and upgrade test cycles across Oracle Cloud apps
2020-10-29 01:00

Applications Software Technology announced the version 3.0 release of AST's automated Testing-as-a-Service, powered by the unique and proprietary AST Autonomous Cloud Tester tool. The latest series of enhancements enables organizations to further accelerate their release, patch, and upgrade test cycles across the full breadth of Oracle Cloud applications.

How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes
2020-10-21 18:32

"Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches," the database giant warned in its advisory accompanying its software patches. "In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay."

Chrome zero-day in the wild – patch now!
2020-10-21 17:47

A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. If you're in the habit of rarely shutting down your computer, or even of rarely exiting from your browser, now would be a good "Rare moment" to give Chrome a chance to ingest the update.

Oracle Kills 402 Bugs in Massive October Patch Update
2020-10-21 17:21

Business software giant Oracle is urging customers to update their systems in the October release of its quarterly Critical Patch Update, which fixes 402 vulnerabilities across various product families. "In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay."

Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA
2020-10-20 23:40

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. CVE-2019-0708: A remote code execution vulnerability exists within Microsoft Windows' Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.

First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugs
2020-10-19 14:43

Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers. The first, CVE-2020-17023, is a Visual Studio issue that allows for remote code execution after getting the target to click on a specially crafted package.