Security News

Apple fixes four zero-days under attackA week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that "May have been actively exploited". Users increasingly putting password security best practices into playWhile there is awareness of password security best practices, there is still work to be done to put that awareness to full use, a Bitwarden survey reveals.

Coming back to the CIS controls, re-evaluate your patch management program to ensure you are prioritizing and applying updates to systems at highest risk of exploitation. You should have a plan in place to update to a newer version of these operating systems.

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. Of note, the U.S. National Security Agency released information on four critical Exchange Server vulnerabilities impacting versions released between 2013 and 2019.

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server - the same systems that have been besieged by attacks on four separate bugs in the email software over the past month.

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. The four new Exchange Server vulnerabilities were fixed as part of this month's Patch Tuesday bundle and because of the severity of these issues, Microsoft has joined with the U.S. National Security Agency to urge the immediate deployment of the new fixes.

Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. With today's update, Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important.

SAP applications are getting compromised by skilled attackersNewly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. MindAPI makes API security research and testing easierSecurity researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier.

March kept us all very busy with the ongoing out-of-band Microsoft updates for Exchange Server and the printing BSODs, which plagued us since last Patch Tuesday. The Forum of Incident Response and Security Teams is an international organization that provides best practices and assistance when dealing with a security incident.

On the off chance you were looking for more security to-dos from Microsoft todaythe company released software updates to plug more than 82 security flaws in Windows and other supported software. This is probably a good place to quote Ghacks.net's Martin Brinkman: This is the last patch hurrah for the legacy Microsoft Edge web browser, which is being retired by Microsoft.

Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall. Included in the slew are 14 critical flaws and 75 important-severity flaws.