Security News

Microsoft Patch Tuesday, May 2020 Edition
2020-05-12 21:16

Microsoft today issued software updates to plug at least 111 security holes in Windows and Windows-based programs. May marks the third month in a row that Microsoft has pushed out fixes for more than 110 security flaws in its operating system and related software.

Microsoft Addresses 111 Bugs for May Patch Tuesday
2020-05-12 20:14

An attacker who successfully exploited either vulnerability could run arbitrary code in kernel mode; thus, an attacker could then install programs; view, change or delete data; or create new accounts with full user rights. In all cases an attack requires user interaction, such as tricking users into clicking a link that takes them to the attacker's site.

May 2020 Patch Tuesday: Microsoft fixes 111 flaws, Adobe 36
2020-05-12 19:03

For the May 2020 Patch Tuesday, Microsoft has fixed 111 CVE-numbered flaws and Adobe 36, but none are under active attack. The vulnerability is found in most Windows 10 and Windows Server builds and Microsoft deems it "More likely to be exploited."

VMware to Patch Recent Salt Vulnerabilities in vROps
2020-05-11 14:25

VMware is working on patches for its vRealize Operations Manager product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations. Researchers discovered recently that the configuration management and orchestration system Salt is affected by serious vulnerabilities that can be exploited for authentication bypass and directory traversal.

An Undisclosed Critical Vulnerability Affects vBulletin Forums — Patch Now
2020-05-11 12:11

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720.

vBulletin fixes critical vulnerability, patch immediately!
2020-05-11 11:08

If you're using vBulletin to power your online forum(s), you should implement the newest security patches offered by the developers as soon as possible. The patches fix CVE-2020-12720, a vulnerability affecting versions 5.5.6, 5.6.0 and 5.6.1 which could be exploited without previous authentication.

Week in review: Password psychology, SaltStack Salt vulnerabilities exploited, Patch Tuesday forecast
2020-05-10 07:10

SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP! Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns. The US Department of Homeland Security and the UK National Cyber Security Centre issued a joint advisory in early April, warning about this increasing activity.

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch
2020-05-08 23:42

Today I'm happy to release new research I've been working on for a while: 0-click RCE via MMS in all modern Samsung phones, due to numerous bugs in a little-known custom "Qmage" image codec supported by Skia on Samsung devices. The patch coincides with Android's monthly release of security fixes: all owners of devices running supported versions of Android will want to check for and install relevant updates in May's patch batch.

May 2020 Patch Tuesday forecast: Time for a break?
2020-05-08 06:30

The forecast for May is looking light on updates, which will be a relief to many IT professionals busy dealing with increasing threats and the challenges of remote system management. Oracle released their Critical Patch Updates last month which happened to coincide with April Patch Tuesday.