Trojan appears that leverages patched Microsoft Office flaw

February 09, 2012

The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email.
 

Microsoft issues patch plans, includes Internet Explorer fix

February 09, 2012

Tuesday's monthly patch batch from Microsoft will be relatively light, with the software giant planning nine fixes -- four rated "critical" -- to address 21 vulnerabilities.
 

Adobe patches Reader bugs, releases new JavaScript feature

January 10, 2012

Adobe joined Microsoft with software updates on Tuesday for Reader and Acrobat. In addition, the PDF software company released a new capability that allows JavaScript to run based on document trust.
 

Microsoft issues seven security patches, BEAST fix included

January 10, 2012

While Tuesday's security update only contains one fix for a "critical" issue, it addresses a number of issues that could lead to malware infestations.
 

Microsoft preps seven security patches

January 05, 2012

The security update, which is slated to address eight vulnerabilities, will include one "critical" fix.
 

Microsoft delivers rare out-of-band patch for ASP.NET issue

December 29, 2011

Some Microsoft engineers likely spent the holidays prepping a patch for a dangerous denial-of-service vulnerability affecting the .NET Framework.
 

Mozilla fixes crash issue after new Firefox version issued

December 22, 2011

One day after releasing version 9 of its Firefox web browser, Mozilla on Wednesday issued Firefox 9.0.1 to address an issue that caused Windows, Mac and Linux users' browsers to crash.
 

"Critical" Microsoft security bugs at lowest level since 2005

December 14, 2011

Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
 

Oracle updates Java, Adobe patches ColdFusion

December 13, 2011

An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
 

Three "critical" patches to be in Microsoft security update

December 08, 2011

Microsoft on Tuesday is scheduled to release 14 patches to fix 20 vulnerabilities across its product line.
 

Firefox updates for security, user add-on control

November 09, 2011

Mozilla joined Microsoft and Adobe with security software updates on Tuesday.
 

Australian gov't wins U.S. security award from SANS

Darren Pauli, editor, SC Magazine, Australia/New Zealand

October 27, 2011

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
 

HTC working with carriers to push Android bug fix

October 26, 2011

Users of HTC-made Android devices are receiving software security updates to correct a vulnerability that could be exploited by a third party to steal personal information.
 

Apple releases OS X, iOS, Safari updates

October 13, 2011

Apple on Wednesday issued much-anticipated updates for its Mac OS X and iOS mobile operating system, adding support for its new iCloud service, and fixing a bevy of security flaws.
 

HTC confirms hole in its Android phones

October 04, 2011

HTC plans to release a patch after a "short" testing period, the company said Tuesday.
 

Oracle patches "Apache Killer" flaw in HTTP Server

September 16, 2011

A vulnerability could allow attackers to crash Oracle HTTP Server products based on Apache 2.0 or 2.2.
 

Microsoft, Adobe release scheduled security patches

September 13, 2011

Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.
 

Microsoft, Adobe announce forthcoming patches

September 08, 2011

Microsoft is readying five "important" security bulletins for Windows and Office, while Adobe plans to release critical updates for Reader and Acrobat.
 

Microsoft prepping 13 patches for 22 flaws

August 04, 2011

The software giant's monthly security update will include fixes for bugs in all versions of Internet Explorer.
 

Massive Safari update fixes dozens of security flaws

July 22, 2011

Along with the release of its latest platform, OS X Lion, Apple this week issued a new version of its Safari web browser, closing dozens of security flaws.
 

Report says firms must rethink patching strategy

July 15, 2011

Organizations should consider risk when fixing vulnerabilities, especially considering most bugs are present in third-party applications.
 

Microsoft issues four patches for 22 flaws

July 12, 2011

A vulnerability addressed Tuesday by Microsoft is present in the Bluetooth stack and places mobile users at risk of compromise.
 

Microsoft to plug 22 holes with four patches

July 07, 2011

Microsoft expects to release four patches next week to address 22 vulnerabilities in Windows and Office, the company said Thursday.
 

Apple updates Snow Leopard, preps for Lion

June 24, 2011

Apple on Thursday released an update to Mac OS X Snow Leopard (10.6), closing multiple vulnerabilities that could allow an attacker to run malicious code on an affected system.
 

Exploits begin for patched Internet Explorer bug

June 17, 2011

Attackers are now actively exploiting one of the 11 Internet Explorer (IE) vulnerabilities patched Tuesday by Microsoft, a Symantec researcher said Friday.
 

Gmail users targeted by Adobe Flash exploit

June 06, 2011

Hackers are actively exploiting a cross-site scripting vulnerability in Adobe's Flash Player, the company revealed Sunday.
 

Oracle to patch Java SE next week

June 03, 2011

Oracle on Tuesday is planning to release patches to fix 17 vulnerabilities in its Java SE (Standard Edition) platform.
 

Microsoft distributes Windows, PowerPoint patches

May 10, 2011

Microsoft on Tuesday delivered two patches to address three vulnerabilities, but because of default settings, built-in protections and unaffected newer versions, experts don't anticipate widespread attacks ensuing.
 

Users asked to update to latest Skype for Mac

May 09, 2011

Skype already has fixed a major vulnerability in its Mac client, but many users only began installing the update Monday.
 

Apple delivers updates related to Comodo, Pwn2Own

April 15, 2011

Apple released a number of security updates for Mac OS X, Safari and iOS.
 

Microsoft distributes 17 patches for 64 flaws

April 12, 2011

The software giant ranks fixes for Internet Explorer, SMB as the month's most pressing.
 

Microsoft, Google warn of limited MHTML exploits

March 14, 2011

Cybercriminals are launching "limited, targeted attacks" against an unpatched scripting vulnerability that affects all supported versions of Windows, Microsoft has warned.
 

Microsoft closes four vulnerabilities, including DLL issues

March 08, 2011

Microsoft on Tuesday issued three patches to close four vulnerabilities that try to use a new remote attack vector to spread malware.
 

Microsoft fixes coming for Office, Windows flaws

March 03, 2011

Three fixes from Microsoft await security administrators next week, the software giant announced Thursday.
 

Two known flaws highlight Microsoft patch batch

February 08, 2011

Microsoft on Tuesday released 12 patches to correct 22 vulnerabilities, including two zero-day bugs, as part of its February security update.
 

Oracle releases 66 fixes in its quarterly patch cycle

January 19, 2011

Oracle released 66 security patches for 43 Oracle security vulnerabilities and 23 for Sun software.
 

Microsoft kicks off 2011 with light patch load

January 11, 2011

Tuesday's security update is comprised of two fixes for three vulnerabilities, but it does not address two publicly known flaws.
 

Fixes for two Windows flaws coming from Microsoft

January 06, 2011

Microsoft is letting administrators ease their way into the New Year, with plans to issue only two patches next week.
 

Microsoft security update includes IE, Stuxnet repairs

December 14, 2010

IT administrators on Tuesday received their holiday greetings from Microsoft: a whopper of a security update, comprised of 17 patches to fix 40 vulnerabilities.
 

Microsoft to address IE, Stuxnet flaws, 38 others

December 09, 2010

Two publicly known issues are expected to be addressed Tuesday when Microsoft releases 17 patches to correct 40 product vulnerabilities.
 

Latest Mac OS X update locks out some PGP users

November 12, 2010

A massive security update from Apple this week fixed more than 130 security flaws in its Mac OS X operating system, but it left some PGP users unable to reboot their computers.
 

Patch management should be core to operations

November 11, 2010

With the number of vulnerabilities rising, solid patch management is essential, a panel said Thursday at SC World Congress in New York.
 

Automated patches necessary for true endpoint security

November 10, 2010

Attackers are no longer going after the obvious software targets because there are too many ripe options available in the form of third-party applications, a panelist said at SC World Congress.
 

Targeted, smarter attacks dominate 2010 threat landscape

November 10, 2010

According to an SC World Congress speaker, cybercriminals have over the past year grown more innovative and relied heavily on opportunistic, targeted and blended attacks.
 

Quiet Microsoft update fixes 11 flaws with three patches

November 09, 2010

Microsoft on Tuesday released three patches to close 11 vulnerabilities, only one of which drew a "critical" rating.
 

Office, Unified Access Gateway to see fixes from Microsoft

November 04, 2010

Microsoft is prepping three patches for next week's monthly security update.
 

Mozilla releases Firefox 3.6.11 to address 12 flaws

October 20, 2010

Mozilla on Tuesday released an updated version of its Firefox web browser to shore up a dozen vulnerabilities.
 

Oracle issues massive quarterly update with Java fixes

October 13, 2010

Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.
 

IE, Office, Windows get patches in latest Microsoft update

October 12, 2010

Microsoft on Tuesday shipped 16 patches for a record-setting 49 vulnerabilities affecting Windows, Internet Explorer, Office and the .NET Framework.
 

Oracle fixes add to massive patch load expected Tuesday

October 08, 2010

Microsoft called, and Oracle raised. On the heels of Redmond announcing a planned record-breaking security update, the database giant has countered with plans of a monster patch delivery itself.
 

New Reader, Acrobat from Adobe fixed for 23 flaws

October 05, 2010

Adobe on Tuesday released updated versions of its flagship Reader and Acrobat products to close a whopping 23 vulnerabilities, including two publicly known issues.
 

Microsoft to issue ASP.NET patch out of cycle on Tuesday

September 27, 2010

Microsoft on Tuesday will make available a patch for a zero-day vulnerability affecting ASP.NET.
 

Apple patches zero-day QuickTime flaw with 7.6.8 release

September 15, 2010

Apple on Wednesday released a new version of QuickTime to plug two vulnerabilities, including a zero-day flaw that is being actively exploited simply by tricking a victim into visiting a web page.
 

Microsoft fixes another Stuxnet-related bug, 10 others

September 14, 2010

Microsoft devoted yet another patch this month to close off the possible spread of the insidious Stuxnet worm, which was built to target industrial control systems, specifically products manufactured by SCADA manufacturer Siemens.
 

Microsoft to issue nine patches, four for "critical" bugs

September 09, 2010

Microsoft is planning to release nine patches on Tuesday to plug 13 holes as part of the software giant's monthly security update.
 

IBM admits erring in statistics on vendor patching

August 31, 2010

The IBM X-Force research team has revised a part of its recently released trends and risk report that analyzed how well popular software vendors did in patching vulnerabilities disclosed in the first half of the year.
 

Apple releases OS X update, fixes 13 flaws

August 25, 2010

Apple on Tuesday issued an update to Mac OS X to fix 13 flaws, including one that is similar to the "jailbreak" vulnerability already patched in its mobile OS.
 

Adobe ships Flash Player update, ColdFusion hotfix

August 11, 2010

Adobe on Tuesday issued fixes for "critical" flaws in its Flash Player. Next week, it plans to release an out-of-band update for Reader and Acrobat.
 

Microsoft lists 4 of its record 14 patches as high priority

August 10, 2010

Microsoft's record-breaking month of patches includes fixes for 34 flaws across the software giant's product line.
 

Microsoft readies record 14 fixes, eight critical

August 05, 2010

Microsoft on Thursday announced that next week it plans to deliver a record 14 patches to resolve 34 vulnerabilities across its product line.
 

ZDI bug bounty program imposes fix deadline for vendors

August 03, 2010

In an effort to take back some of the control from vendors, the leading third-party bug bounty program plans to give providers six months to fix reported vulnerabilities -- or face limited public disclosure.
 

Critical flaws discovered in widely used embedded OS

August 03, 2010

Two critical vulnerabilities have been discovered in an embedded operating system used in 500 million devices.
 

Microsoft repairs shortcut flaw leading to SCADA malware

August 02, 2010

Microsoft on Monday released an emergency fix for a Windows vulnerability that is being exploited to launch attacks against industrial control systems.
 

Safari update fixes auto-fill flaw ahead of Black Hat talk

July 28, 2010

Apple on Wednesday issued updates for its Safari 4 and 5 web browser to fix 15 vulnerabilities, some of which could lead to arbitrary code execution or information disclosure. Safari 5.0.1 and 4.1.1 fix an issue with the browser's auto-fill feature, which is used to automatically fill out web forms using information in a user's computer or address book. The flaw could allow a maliciously crafted website to trigger auto-fill without user interaction, potentially leading to information disclosure. The patch comes one day before Jeremiah Grossman, founder and CTO of WhiteHat Security, is set to present about the vulnerability at the Black Hat conference in Las Vegas. The Safari updates also fix several flaws in WebKit, an open-source application framework. - AM
 

Microsoft announces "coordinated" plan for bug reporting

July 22, 2010

Microsoft on Thursday unveiled a new initiative that attempts to reframe the debate around vulnerability disclosure.
 

Google: Plug critical holes within 60 days across industry

July 21, 2010

Fresh off the controversy of one of its researchers publicly dropping a Microsoft zero-day vulnerability, Google now is hoping to lead the development of industry-accepted standards for vulnerability disclosure.
 

Oracle's quarterly update resolves 59 vulnerabilities

July 14, 2010

Oracle's quarterly security update released Tuesday includes fixes for the popular Database Server and Solaris operating system products.
 

Microsoft fixes Ormandy zero-day, four other bugs

July 13, 2010

Microsoft on Tuesday pushed out four patches to address five vulnerabilities in Microsoft Windows and Office. It also marks the last security update for Windows 2000 and XP Service Pack 2.
 

Software flaws, delayed patching reign so far this year

July 12, 2010

2010 is on pace to become a record-setting year for software vulnerabilities, and third-party applications that are not properly patched are largely to blame, according to a new Secunia report.
 

Microsoft to fix Windows Help Center flaw, four others

July 08, 2010

Microsoft on Tuesday expects to close two zero-day vulnerabilities, including the widely covered Windows Help and Support Center flaw, which now is being widely exploited.
 

Adobe "Launch" flaw may not be fixed after all

July 02, 2010

A security researcher on Thursday said that he has discovered a way to bypass Adobe's Reader and Acrobat fix for a highly publicized flaw that takes advantage of a native PDF feature.
 

New versions of Reader, Acrobat close publicized flaws

June 29, 2010

Adobe's release Tuesday of updates to Reader and Acrobat includes fixes for a dangerous zero-day vulnerability and protection against exploiting the PDF specification's "/Launch" functionality.
 

Mac update plugs 28 flaws, does not include Flash 10.1

June 16, 2010

Apple has pushed out a Mac OS X update, its fourth of the year, to close more than two dozen vulnerabilities.
 

Microsoft issues 10 patches as part of June update

June 08, 2010

Microsoft on Tuesday pushed out 10 patches to address a whopping 34 vulnerabilities as part of its June security update.
 

Adobe readies Flash fix for Thursday

June 08, 2010

Less than a week after it announced a zero-day vulnerability in Flash Player, Adobe plans to release a fix.
 

SharePoint, IE part of Microsoft patch plans

June 03, 2010

After a quiet May update, Microsoft is planning 10 patches next week, including fixes for zero-day issues in SharePoint and Internet Explorer.
 

Microsoft pushes fixes for two bugs in light Patch Tuesday

May 11, 2010

Microsoft distributed two patches on Tuesday for issues in Windows and Office, but customers must wait until at least next month for a SharePoint security fix.
 

Microsoft plans two patches, no SharePoint fix

May 06, 2010

Microsoft is planning a light patch load for next week, the software giant announced Thursday. Due to timing, the company was unable to produce a fix for a recently disclosed SharePoint vulnerability.
 

Two severe bugs silently fixed in recent Microsoft update

May 06, 2010

A recent Microsoft security patch silently fixed two severe vulnerabilities that were not disclosed, leading to criticism that the software giant downplayed the severity of the patch.
 

Microsoft revokes recent security bulletin for critical flaw

April 23, 2010

Microsoft may issue an out-of-band patch next week after revoking a security update issued on April 13 that did not fix a critical vulnerability.
 

Oracle issues critical patch update for 47 flaws

April 14, 2010

Oracle on Tuesday issued a critical patch update to correct 47 vulnerabilities across several of its portfolios, including the newly acquired Sun product line.
 

Microsoft patches 25 flaws with 11 patches, five critical

April 13, 2010

Microsoft on Tuesday released 11 patches to address 25 vulnerabilities, including two zero-day vulnerabilities. But the company rated three other fixes as top priorities for security administrators.
 

Adobe pushes updates to repair 15 Reader bugs

April 13, 2010

Adobe on Tuesday released updates to its Reader and Acrobat software, and for the first time, the new versions automatically can be installed via a new feature.
 

Microsoft to patch 25 flaws, including VBScript and SMB

April 09, 2010

Microsoft's Patch Tuesday plans include 11 fixes for 25 vulnerabilities, two of which address publicly known issues.
 

Adobe to unveil updater tool with quarterly release

April 09, 2010

Adobe plans to officially roll out its new automatic updater feature when it releases new versions of Reader and Acrobat on Tuesday.
 

Microsoft pushes emergency browser fix for 10 bugs

March 30, 2010

Microsoft on Tuesday released an out-of-cycle fix for an actively exploited vulnerability, plus nine other Internet Explorer flaws.
 

Microsoft to deliver Internet Explorer fix two weeks early

March 29, 2010

Microsoft plans on Tuesday to release an emergency patch for a zero-day vulnerability affecting Internet Explorer versions 6 and 7, the software giant announced Monday.
 

GAO report says IRS still has security holes to close

March 22, 2010

The Internal Revenue Service is making strides toward improving its information security posture, but significant shortfalls remain, according to a new report from the U.S. Government Accountability Office (GAO).
 

India, Mexico, Brazil have most Mariposa bots

March 10, 2010

The Mariposa botnet infected PCs from almost every country around the world, making it one of the largest networks of compromised computers ever seen.
 

Microsoft offers two fixes, but reveals a zero-day bug

March 09, 2010

Microsoft fixed eight vulnerabilities with two patches on Tuesday, but it also disclosed a new, zero-day Internet Explorer flaw that is being leveraged in active attacks.
 

RSA Conference: Panel debates expectations of responsible disclosure of vulnerabilities

March 05, 2010

Vendors, end-users and security researchers debated the merits of "responsible disclosure" in a panel discussion this week at the RSA Conference in San Francisco.
 

Microsoft readies two patches for Windows, Office flaws

March 05, 2010

After a major patch batch in February, administrators can only expect two fixes, rated "important," in next week's monthly security update from Microsoft.
 

Rootkit to blame for Windows fix resulting in blue screen

February 18, 2010

Microsoft has concluded that PCs displaying the "blue screen of death" when trying to install a February patch contain a rootkit.
 

Adobe patches Flash Player, plans out-of-band Reader fix

February 12, 2010

Adobe has released an update for its Flash Player, while also announcing plans to upgrade Reader and Acrobat next week.
 

SMB, DirectShow top the list of Microsoft patches

February 09, 2010

After a restful January, Microsoft pushed out 13 patches to rectify 26 vulnerabilities, mostly affecting issues in Windows.
 

Microsoft to deliver 13 security patches for 26 bugs

February 05, 2010

After a relatively quiet January, administrators next week will have to deal with an unusually large security update from Microsoft, with 26 vulnerabilities in line for fixing.
 

Microsoft responds to Black Hat talk with IE bug advisory

February 03, 2010

An Internet Explorer vulnerability revealed at this week's Black Hat conference in Washington, D.C. prompted Microsoft to issue an advisory on the issue.
 

Apple resolves five iPhone bugs with update

February 02, 2010

Apple on Tuesday pushed out an iPhone and iPod Touch security update.
 

Microsoft patches Internet Explorer hole used in spying

January 21, 2010

A "critical" Internet Explorer vulnerability, used as part of a mix of malware designed to steal sensitive intellectual property from major U.S. companies, was fixed on Thursday.
 

Microsoft confirms low-risk zero-day in Windows kernel

January 21, 2010

Microsoft is dealing with another zero-day vulnerability, albeit a less risky one than the notorious Internet Explorer flaw being leveraged in data-theft attacks on major companies.