Security News
Zyxel has patched six vulnerabilities affecting its network attached storage devices, including several command injection flaws that can be easily exploited by unauthenticated attackers. One of the six plugged security holes is an improper authentication vulnerability in the devices' authentication module, and may allow unauthenticated attackers to grab system information by sending a specially crafted URL to a vulnerable device.
Google has rolled out six Chrome security fixes including one emergency patch for a bug for which exploit code is already out there. Google doesn't provide a whole lot of detail about the bug, nor any details about who may be exploiting it and to what nefarious end.
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. Citizen Lab disclosed two other zero-days, fixed by Apple in September and abused as part of a zero-click exploit chain to install NSO Group's Pegasus spyware.
Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. Google TAG is known for uncovering zero-days, often exploited by state-sponsored hacking groups in spyware campaigns targeting high-profile individuals like journalists and opposition politicians.
Google has fixed the fifth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. Google TAG is known for uncovering zero-days, often exploited by state-sponsored hacking groups in spyware campaigns targeting high-profile individuals like journalists and opposition politicians.
It's time for all organizations to examine and potentially recalibrate their software update policies. This article delves into the why and how of this necessary introspection, aiming to provide a comprehensive guide to developing a robust software update policy fit for the modern workplace.
The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer malware. The ClearFake campaign started in July this year to target Windows users with fake Chrome update prompts that appear on breached sites via JavaScript injections.
Microsoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks. The policy will be available after installing the November optional update, and it can be configured as a Group Policy Object or a Configuration Service Provider policy to choose how monthly preview updates will be delivered to users across the entire organization via Windows Update for Business.
Something likely to be absent from Microsoft's Ignite event is talk of a fix rolled out to deal with malfunctioning Windows Server 2022 Virtual Machines following a problematic update from the company. The culprit was the KB5031364 October update, which contained a variety of fixes and updates for Windows Server 2022, from changing the spelling of Ukraine's capital from Kiev to Kyiv to addressing issues with the Server Message Block service.
Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines deployed on VMware ESXi hosts. The company confirmed the issue days later, saying it only affects guest VMs on VMware ESXi hosts with an AMD Epyc physical processor, the "Expose IOMMU to guest OS" VMware option toggled on, and Virtualization Based Security and System Guard Secure Launch enabled in Windows Server 2022.