Security News

Week in review: Patch Tuesday forecast, how to select a DLP solution, is it OK to publish PoC exploits?
2021-05-09 08:00

Apple fixes four zero-days under attack
A week after Apple patched a macOS zero-day exploited by Shlayer malware for months, the company has released new security updates for macOS, iOS, iPadOS and watchOS that plug four additional zero-days that "may have been actively exploited".

Users increasingly putting password security best practices into play
While there is awareness of password security best practices, there is still work to be done to put that awareness to full use, a Bitwarden survey reveals.

May 2021 Patch Tuesday forecast: Spring cleaning is in order
2021-05-07 05:04

Coming back to the CIS controls, re-evaluate your patch management program to ensure you are prioritizing and applying updates to systems at highest risk of exploitation. You should have a plan in place to update to a newer version of these operating systems.

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
2021-04-14 12:46

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. Of note, the U.S. National Security Agency released information on four critical Exchange Server vulnerabilities impacting versions released between 2013 and 2019.

Microsoft Patch Tuesday, April 2021 Edition
2021-04-13 23:12

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server - the same systems that have been besieged by attacks on four separate bugs in the email software over the past month.

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws
2021-04-13 18:26

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. The four new Exchange Server vulnerabilities were fixed as part of this month's Patch Tuesday bundle and because of the severity of these issues, Microsoft has joined with the U.S. National Security Agency to urge the immediate deployment of the new fixes.

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days
2021-04-13 17:39

Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. With today's update, Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important.

Week in review: SAP apps under attack, Zero Trust creator talks, Patch Tuesday forecast
2021-04-11 08:10

SAP applications are getting compromised by skilled attackers
Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches.

MindAPI makes API security research and testing easier
Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier.

April 2021 Patch Tuesday forecast: Security best practices
2021-04-09 05:26

March kept us all very busy with the ongoing out-of-band Microsoft updates for Exchange Server and the printing BSODs, which plagued us since last Patch Tuesday. The Forum of Incident Response and Security Teams is an international organization that provides best practices and assistance when dealing with a security incident.

Microsoft Patch Tuesday, March 2021 Edition
2021-03-10 01:42

On the off chance you were looking for more security to-dos from Microsoft today, the company released software updates to plug more than 82 security flaws in Windows and other supported software. This is probably a good place to quote Ghacks.net's Martin Brinkmann: This is the last patch hurrah for the legacy Microsoft Edge web browser, which is being retired by Microsoft.

Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
2021-03-09 22:12

Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall. Included in the slew are 14 critical flaws and 75 important-severity flaws.