Ivanti plugs critical bug – but not before it was used against Norwegian...
Uncle Sam warns sysadmins to get patching as soon as possibleA critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies...
View ArticleSneaky Python package security fixes help no one – except miscreants
Good thing these eggheads have created a database of patchesPython security fixes often happen through "silent" code commits, without an associated Common Vulnerabilities and Exposures (CVE)...
View ArticlePrepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies
Invaders already spent four or more months frolicking inside Norwegian government serversIntruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four...
View ArticleMicrosoft, Intel lead this month's security fix emissions
Downfall processor leaks, Teams holes, VPN clients at risk, and morePatch Tuesday Microsoft's August patch party seems almost boring compared to the other security fires it's been putting out lately.…
View ArticleNearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks
It's like a nesting doll of security flawsAMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running...
View ArticleMagento shopping cart attack targets critical vulnerability revealed in early...
Really? You didn't bother to patch a 9.8 severity critical flaw?Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical...
View ArticleDon't just patch your Citrix gear, check for intrusion: Two bugs exploited in...
About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFileUpdated Miscreants are actively exploiting critical bugs in two of Citrix's products, both of which the...
View ArticleIvanti Sentry exploited in the wild, patches emitted
Good thing you're not exposing admin port 8443 to the world, right? Uh, right?A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an...
View ArticleYou patched yet? Years-old Microsoft security holes still hot targets for...
We're number one! We're number one! We're...It's generally accepted that security flaws in Microsoft's products are a top magnet for crooks and fraudsters: its sprawling empire of hardware and software...
View ArticleChrome, Firefox and more caught with their WebP down, offer hasty patch-up
Exploit observed in the wild against codec lib in browsers, appsUpdated Google and Mozilla have rushed out a fix for a vulnerability within their browsers – Chrome and Firefox, respectively – noting...
View ArticleGrab those updates: Microsoft flings out fixes for already-exploited bugs
Plus: Adobe and Android also tackle abused-in-the-wild flawsPatch Tuesday It's every Windows admin's favorite day of the month: Patch Tuesday. Microsoft emitted 59 patches for its September update...
View ArticleApple squashes security bugs after iPhone flaws exploited by Predator spyware
Holes in iOS, macOS and more fixed following tip off from Google, Citizen LabApple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.…
View ArticleNow MOVEit maker Progress patches holes in WS_FTP
Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and moreInfosec in brief Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the...
View ArticleMake-me-root 'Looney Tunables' security hole on Linux needs your attention
What's up, Doc? Try elevated permissionsGrab security updates for your Linux distributions: there's a security hole that can be fairly easily exploited by rogue users, intruders, and malicious software...
View ArticleIT networks under attack via critical Confluence zero-day. Patch now
'Handful' of customers hit so far, public-facing instances at riskAtlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center...
View ArticleAnother security update, Apple? You're really keeping up with your tech rivals
Zero day? More like every day, amirite?Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities.…
View ArticleFresh curl tomorrow will patch 'worst' security flaw in ages
It’s bad, folks. Pair of CVEs incoming on October 11Updated Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg...
View ArticleIt's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems
Happy Halloween! Security bugs under attack squashed, more flaws fixedPatch Tuesday Microsoft on Tuesday issued more than 100 security updates to fix flaws in its products, including two bugs that are...
View Articlecurl vulnerabilities ironed out with patches after week-long tease
The coordinated disclosure didn’t quite go to plan, thoughUpdated After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer...
View ArticleUS cybercops urge admins to patch amid ongoing Confluence chaos
Do it now, no ifs or buts, says advisoryUS authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing...
View Article
