Security News

April 2024 Patch Tuesday forecast: New and old from Microsoft
2024-04-08 05:20

Regular patch releases will be critical to keep this product updated because it does not receive immediate security updates like its related, cloud-connected versions. Hard to believe, Windows 11 21H2 for Education and Enterprise and Windows 11 22H2 Home and Pro are already reaching EOS on November 8th. Microsoft recently reversed its decision to end the preview updates for Windows 11 22H2 in February and announced it will continue through June.

March Patch Tuesday sees Hyper-V join the guest-host escape club
2024-03-13 00:16

Patch Tuesday: Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities - none listed as under active attack or already known to the public. "This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server," according to the security update.

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
2024-03-12 19:55

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited. One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.

Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs
2024-03-12 17:52

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast
2024-03-10 09:00

What organizations need to know about the Digital Operational Resilience Act: In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity.

Cisco patches Secure Client VPN flaw that could reveal authentication tokens: Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.

March 2024 Patch Tuesday forecast: A popular framework updated
2024-03-08 06:45

The February 2024 Patch Tuesday was pretty typical, with the standard Microsoft Windows, Office, and Exchange Server updates. Before we get to the March 2024 Patch Tuesday forecast, I want to provide information on the updated NIST framework.

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws
2024-02-13 19:07

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. The total count of 73 flaws does not include 6 Microsoft Edge flaws fixed on February 8th and 1 Mariner flaw.

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws
2024-02-13 19:07

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days. The total count of 74 flaws does not include 6 Microsoft Edge and 1 Mariner flaw fixed on February 8th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034765 cumulative update.

Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast
2024-02-11 09:00

Choosing the right partner when outsourcing cybersecurity: In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services.

Key strategies for ISO 27001 compliance adoption: In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard.

February 2024 Patch Tuesday forecast: Zero days are back and a new server too
2024-02-09 06:24

Microsoft introduced the update process called 'flighting' for these preview builds, allowing automatic or manual in-place updates approximately every two weeks without needing a new install every time. Google released the Stable Channel updates 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 to Windows back on January 16.