Security News

Microsoft has plugged 120 flaws, two of which are being exploited in attacks in the wild. One is publicly known and being actively exploited, and another one is also under attack.

How can security leaders maximize security budgets during a time of budget cuts? While some security programs have become bloated, many don't necessarily deserve to be cut. Given the gravity of today's situation, it's time for security leaders to step in and do what they can to justify spending that bolsters their company's overall security posture.

The operational lifespan of an operating system version is shrinking, and the model has changed as Microsoft moved to the software-as-a-service model for Windows 10. Double check your applications to ensure compatibility as you make the operating system upgrades on these systems - you only have 2-3 months left!

Cisco has emitted 33 security bug fixes in its latest crop of software updates, five of those deemed critical. Affected devices include multiple RV-series routers, the RV110W series VPN Firewall, and the Cisco Prime License Manager.

A critical DNS bug and a publicly known elevation-of-privilege flaw top Microsoft's July Patch Tuesday list of 123 fixes. "A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to a vulnerable Windows DNS server. Successful exploitation would allow the attacker to execute arbitrary code under the local system account context," wrote Satnam Narang, staff research engineer at Tenable, in the company's Patch Tuesday analysis.

Attackers are probing Citrix controllers and gateways through recently patched flaws: SANS ISC's Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot.

Exposing the privacy risks of home security cameras: An international study has used data from a major provider of home IP security cameras to evaluate potential privacy risks for users.

Despite these record CVE numbers, the actual number of updates has been down; we haven't seen Exchange or SQL Server updates in a while. Keep your eyes open on Tuesday to see if these CVEs show up in the cumulative monthly update.

Windows 10 users woke up to borked printers following the monthly Microsoft bugfix party, Patch Tuesday. The timing is unfortunate since many Windows 10 users are now working from home and relying on directly connected printers for remote working.

The lion's share of the bugs are rated important, but there are 11 CVEs rated critical. These are all bugs affecting Windows 10, and many also affected the latest 2004 build.

Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. June marks the fourth month in a row that Microsoft has issued fixes to address more than 100 security flaws in its products.