Security News

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability
2021-10-19 22:21

CVE-2021-30663 - Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30665 - Processing maliciously crafted web content may lead to arbitrary code execution.

Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability
2021-10-19 09:12

Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments. Device Health Attestation is a cloud and on-premises service that validates TPM and PCR logs for endpoints and informs Mobile Device Management solutions if Secure Boot, BitLocker, and Early Launch Antimalware are enabled, Trusted Boot is correctly signed, and more.

A holistic approach to vulnerability management solidifies cyberdefenses
2021-10-07 18:46

Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises. If that's not bad enough, there is confusion surrounding managing vulnerabilities, with most organizations depending on vulnerability scanners and some kind of policy as to when to update or patch the software/hardware.

Apache fixes actively exploited zero-day vulnerability, patch now
2021-10-05 13:56

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The Apache HTTP Server is an open-source, cross-platform web server that is extremely popular for being versatile, robust, and free.

Apache fixes zero-day vulnerability exploited in the wild, patch now
2021-10-05 13:56

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The Apache HTTP Server is an open-source, cross-platform web server that is extremely popular for being versatile, robust, and free.

Combating vulnerability fatigue with automated security validation
2021-10-04 06:00

Dealing with a problem with the wrong toolset leads to reverse evolution, as we can see in the vulnerability management market, where tools are becoming more of a distraction to security professionals than the insightful guide to better security that they promise to be. Legacy vulnerability management tools flood security teams with long lists of community-prioritized vulnerabilities: more than 15,000 vulnerabilities were found in 2020 alone.

How to install the Nessus vulnerability scanner on Rocky Linux
2021-09-30 19:05

If you're looking for one of the best vulnerability scanners on the market, Nessus might be the ticket. Nessus is a very popular vulnerability scanner used by tens of thousands of organizations across the globe.

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
2021-09-26 21:38

Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document."

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server
2021-09-21 20:22

The most urgent among them is an arbitrary file upload vulnerability in the Analytics service that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," the company noted, adding "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server."

Unpatched High-Severity Vulnerability Affects Apple macOS Computers
2021-09-21 19:58

Cybersecurity researchers on Tuesday disclosed details of an unpatched vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user," SSD Secure Disclosure said in a write-up published today.