Microsoft hands out more Duqu fixes despite prior patch

May 08, 2012

Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
 

Major software flaws in iPhones, iPads fixed in update

May 07, 2012

A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.
 

Flash flaw being used to deliver email based attacks

May 04, 2012

Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.
 

Chinese firewall maker booted from Microsoft sharing program

May 03, 2012

The leak of details regarding a major Windows bug, which resulted in the removal of DPTech Technologies as a trusted Microsoft partner, calls into question how impervious a vulnerability sharing program can be.
 

Oracle lists workarounds following zero-day disclosure

May 01, 2012

Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.
 

Researcher confused over handling of Oracle database bug

April 26, 2012

A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.
 

Firefox and Opera unveil new security, privacy features

April 26, 2012

Firefox's update includes a new auto-update capability, while Opera's new release contains functionality to prevent the tracking of online users by websites.
 

Third Apple Java update rids infections and turns off Java

April 13, 2012

Apple has released a third update related to Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan, and disables Java by default.
 

Oracle to issue quarterly patches next week

April 13, 2012

Oracle next week will release 88 new security vulnerability fixes across hundreds of its products.
 

Apple says it is working to shut down Flashback infections

April 11, 2012

The company said it is creating software that will detect and remove Flashback, as well as coordinating with global ISPs to dismantle the botnet's infrastructure.
 

Microsoft patches 11 security issues, attacks underway

April 10, 2012

Administrators better hurry to patch at least one vulnerability, in Windows Common Controls, that is being used in limited but targeted exploits.
 

Microsoft to sew up 11 security vulnerabilities next week

April 05, 2012

Get ready, IT administrators: Scheduled patches from Microsoft -- and Adobe -- are set to arrive on Tuesday.
 

Exploit for gaping Microsoft RDP hole may have gotten help

March 16, 2012

A proof-of-concept that has emerged and takes advantage of a very serious Windows vulnerability may have been the result of a leak, said the researcher who first discovered the bug.
 

Wormable Microsoft RDP flaw appears closer to exploit

March 15, 2012

The race appears to be on to develop a working exploit for a serious Windows vulnerability patched earlier this week by Microsoft.
 

Flaw in Microsoft tool that enables remote connect is patched

March 13, 2012

A severe vulnerability in the Remote Desktop Protocol, which was patched by Microsoft on Tuesday along with six other bugs, affects all versions of Windows and could result in a worm.
 

Microsoft to patch seven security issues with six bulletins

March 08, 2012

Microsoft next week plans to release six patches, including one for a "critical" vulnerability affecting all supported versions of the software giant's operating system.
 

Adobe patches Flash because of ongoing attacks

February 15, 2012

A cross-site scripting vulnerability being exploited in the wild has prompted Adobe to issue an update to its Flash Player, a move that may catch security pros off guard.
 

Internet Explorer patch heads Microsoft security update

February 14, 2012

Happy Valentine's Day, IT administrators. Microsoft has showered you with nine security patches to remedy 21 vulnerabilities.
 

Trojan appears that leverages patched Microsoft Office flaw

February 09, 2012

The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email.
 

Microsoft issues patch plans, includes Internet Explorer fix

February 09, 2012

Tuesday's monthly patch batch from Microsoft will be relatively light, with the software giant planning nine fixes -- four rated "critical" -- to address 21 vulnerabilities.
 

Adobe patches Reader bugs, releases new JavaScript feature

January 10, 2012

Adobe joined Microsoft with software updates on Tuesday for Reader and Acrobat. In addition, the PDF software company released a new capability that allows JavaScript to run based on document trust.
 

Microsoft issues seven security patches, BEAST fix included

January 10, 2012

While Tuesday's security update only contains one fix for a "critical" issue, it addresses a number of issues that could lead to malware infestations.
 

Microsoft preps seven security patches

January 05, 2012

The security update, which plans to address eight vulnerabilities, will include one "critical" fix.
 

Microsoft delivers rare out-of-band patch for ASP.NET issue

December 29, 2011

Some Microsoft engineers likely spent the holidays prepping a patch for a dangerous denial-of-service vulnerability affecting the .NET Framework.
 

Mozilla fixes crash issue after new Firefox version issued

December 22, 2011

One day after releasing version 9 of its Firefox web browser, Mozilla on Wednesday issued Firefox 9.0.1 to address an issue that caused Windows, Mac and Linux users' browsers to crash.
 

"Critical" Microsoft security bugs at lowest level since 2005

December 14, 2011

Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
 

Oracle updates Java, Adobe patches ColdFusion

December 13, 2011

An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
 

Three "critical" patches to be in Microsoft security update

December 08, 2011

Microsoft on Tuesday is scheduled to release 14 patches to fix 20 vulnerabilities across its product line.
 

Firefox updates for security, user add-on control

November 09, 2011

Mozilla joined Microsoft and Adobe with security software updates on Tuesday.
 

Australian gov't wins U.S. security award from SANS

Darren Pauli, editor, SC Magazine, Australia/New Zealand October 27, 2011

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
 

HTC working with carriers to push Android bug fix

October 26, 2011

Users of HTC-made Android devices are receiving software security updates to correct a vulnerability that could be exploited by a third party to steal personal information.
 

Apple releases OS X, iOS, Safari updates

October 13, 2011

Apple on Wednesday issued much-anticipated updates for its Mac OS X and iOS mobile operating system, adding support for its new iCloud service, and fixing a bevy of security flaws.
 

HTC confirms hole in its Android phones

October 04, 2011

HTC plans to release a patch after a "short" testing period, the company said Tuesday.
 

Oracle patches "Apache Killer" flaw in HTTP Server

September 16, 2011

A vulnerability could allow attackers to crash Oracle HTTP Server products based on Apache 2.0 or 2.2.
 

Microsoft, Adobe release scheduled security patches

September 13, 2011

Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.
 

Microsoft, Adobe announce forthcoming patches

September 08, 2011

Microsoft is readying five "important" security bulletins for Windows and Office, while Adobe plans to release critical updates for Reader and Acrobat.
 

Microsoft prepping 13 patches for 22 flaws

August 04, 2011

The software giant's monthly security update will include fixes for bugs in all versions of Internet Explorer.
 

Massive Safari update fixes dozens of security flaws

July 22, 2011

Along with the release of its latest platform, OS X Lion, Apple this week issued a new version of its Safari web browser, closing dozens of security flaws.
 

Report says firms must rethink patching strategy

July 15, 2011

Organizations should consider risk when fixing vulnerabilities, especially considering most bugs are present in third-party applications.
 

Microsoft issues four patches for 22 flaws

July 12, 2011

A vulnerability addressed Tuesday by Microsoft is present in the Bluetooth stack and places mobile users at risk of compromise.
 

Microsoft to plug 22 holes with four patches

July 07, 2011

Microsoft expects to release four patches next week to address 22 vulnerabilities in Windows and Office, the company said Thursday.
 

Apple updates Snow Leopard, preps for Lion

June 24, 2011

Apple on Thursday released an update to Mac OS X Snow Leopard (10.6), closing multiple vulnerabilities that could allow an attacker to run malicious code on an affected system.
 

Exploits begin for patched Internet Explorer bug

June 17, 2011

Attackers are now actively exploiting one of the 11 Internet Explorer (IE) vulnerabilities patched Tuesday by Microsoft, a Symantec researcher said Friday.
 

Gmail users targeted by Adobe Flash exploit

June 06, 2011

Hackers are actively exploiting a cross-site scripting vulnerability in Adobe's Flash Player, the company revealed Sunday.
 

Oracle to patch Java SE next week

June 03, 2011

Oracle on Tuesday is planning to release patches to fix 17 vulnerabilities in its Java SE (Standard Edition) platform.
 

Microsoft distributes Windows, PowerPoint patches

May 10, 2011

Microsoft on Tuesday delivered two patches to address three vulnerabilities, but because of default settings, built-in protections and unaffected newer versions, experts don't anticipate widespread attacks ensuing.
 

Users asked to update to latest Skype for Mac

May 09, 2011

Skype already has fixed a major vulnerability in its Mac client, but many users only began installing the update Monday.
 

Apple delivers updates related to Comodo, Pwn2Own

April 15, 2011

Apple released a number of security updates for Mac OS X, Safari and iOS.
 

Microsoft distributes 17 patches for 64 flaws

April 12, 2011

The software giant ranks fixes for Internet Explorer, SMB as the month's most pressing.
 

Microsoft, Google warn of limited MHTML exploits

March 14, 2011

Cybercriminals are launching "limited, targeted attacks" against an unpatched scripting vulnerability that affects all supported versions of Windows, Microsoft has warned.
 

Microsoft closes four vulnerabilities, including DLL issues

March 08, 2011

Microsoft on Tuesday issued three patches to close four vulnerabilities that try to use a new remote attack vector to spread malware.
 

Microsoft fixes coming for Office, Windows flaws

March 03, 2011

Three fixes from Microsoft await security administrators next week, the software giant announced Thursday.
 

Two known flaws highlight Microsoft patch batch

February 08, 2011

Microsoft on Tuesday released 12 patches to correct 22 vulnerabilities, including two zero-day bugs, as part of its February security update.
 

Oracle releases 66 fixes in its quarterly patch cycle

January 19, 2011

Oracle released 66 security patches for 43 Oracle security vulnerabilities and 23 for Sun software.
 

Microsoft kicks off 2011 with light patch load

January 11, 2011

Tuesday's security update is comprised of two fixes for three vulnerabilities, but it does not address two publicly known flaws.
 

Fixes for two Windows flaws coming from Microsoft

January 06, 2011

Microsoft is letting administrators ease their way into the New Year, with plans to issue only two patches next week.
 

Microsoft security update includes IE, Stuxnet repairs

December 14, 2010

IT administrators on Tuesday received their holiday greetings from Microsoft: a whopper of a security update, comprised of 17 patches to fix 40 vulnerabilities.
 

Microsoft to address IE, Stuxnet flaws, 38 others

December 09, 2010

Two publicly known issues are expected to be addressed Tuesday when Microsoft releases 17 patches to correct 40 product vulnerabilities.
 

Latest Mac OS X update locks out some PGP users

November 12, 2010

A massive security update from Apple this week fixed more than 130 security flaws in its Mac OS X operating system, but it left some PGP users unable to reboot their computers.
 

Patch management should be core to operations

November 11, 2010

With the number of vulnerabilities rising, solid patch management is essential, a panel said Thursday at SC World Congress in New York.
 

Automated patches necessary for true endpoint security

November 10, 2010

Attackers are no longer going after the obvious software targets because there are too many ripe options available in the form of third-party applications, a panelist said at SC World Congress.
 

Targeted, smarter attacks dominate 2010 threat landscape

November 10, 2010

According to an SC World Congress speaker, cybercriminals have over the past year grown more innovative and relied heavily on opportunistic, targeted and blended attacks.
 

Quiet Microsoft update fixes 11 flaws with three patches

November 09, 2010

Microsoft on Tuesday released three patches to close 11 vulnerabilities, only one of which drew a "critical" rating.
 

Office, Unified Access Gateway to see fixes from Microsoft

November 04, 2010

Microsoft is prepping three patches for next week's monthly security update.
 

Mozilla releases Firefox 3.6.11 to address 12 flaws

October 20, 2010

Mozilla on Tuesday released an updated version of its Firefox web browser to shore up a dozen vulnerabilities.
 

Oracle issues massive quarterly update with Java fixes

October 13, 2010

Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.
 

IE, Office, Windows get patches in latest Microsoft update

October 12, 2010

Microsoft on Tuesday shipped 16 patches for a record-setting 49 vulnerabilities affecting Windows, Internet Explorer, Office and the .NET Framework.
 

Oracle fixes add to massive patch load expected Tuesday

October 08, 2010

Microsoft called, and Oracle raised. On the heels of Redmond announcing a planned record-breaking security update, the database giant has countered with plans of a monster patch delivery itself.
 

New Reader, Acrobat from Adobe fixed for 23 flaws

October 05, 2010

Adobe on Tuesday released updated versions of its flagship Reader and Acrobat products to close a whopping 23 vulnerabilities, including two publicly known issues.
 

Microsoft to issue ASP.net patch out of cycle on Tuesday

September 27, 2010

Microsoft on Tuesday will make available a patch for a zero-day vulnerability affecting ASP.net.
 

Apple patches zero-day QuickTime flaw with 7.6.8 release

September 15, 2010

Apple on Wednesday released a new version of QuickTime to plug two vulnerabilities, including a zero-day flaw that is being actively exploited simply by tricking a victim into visiting a web page.
 

Microsoft fixes another Stuxnet-related bug, 10 others

September 14, 2010

Microsoft devoted yet another patch this month to close off the possible spread of the insidious Stuxnet worm, which was built to target industrial control systems, specifically products manufactured by SCADA manufacturer Siemens.
 

Microsoft to issue nine patches, four for "critical" bugs

September 09, 2010

Microsoft is planning to release nine patches on Tuesday to plug 13 holes as part of the software giant's monthly security update.
 

IBM admits erring in statistics on vendor patching

August 31, 2010

The IBM X-Force research team has revised a part of its recently released trends and risk report that analyzed how well popular software vendors did in patching vulnerabilities disclosed in the first half of the year.
 

Apple releases OS X update, fixes 13 flaws

August 25, 2010

Apple on Tuesday issued an update to Mac OS X to fix 13 flaws, including one that is similar to the "jailbreak" vulnerability already patched in its mobile OS.
 

Adobe ships Flash Player update, ColdFusion hotfix

August 11, 2010

Adobe on Tuesday issued fixes for "critical" flaws in its Flash Player. Next week, it plans to release an out-of-band update for Reader and Acrobat.
 

Microsoft lists 4 of its record 14 patches as high priority

August 10, 2010

Microsoft's record-breaking month of patches includes fixes for 34 flaws across the software giant's product line.
 

Microsoft readies record 14 fixes, eight critical

August 05, 2010

Microsoft on Thursday announced that next week it plans to deliver a record 14 patches to resolve 34 vulnerabilities across its product line.
 

ZDI bug bounty program imposes fix deadline for vendors

August 03, 2010

In an effort to take back some of the control from vendors, the leading third-party bug bounty program plans to give providers six months to fix reported vulnerabilities -- or face limited public disclosure.
 

Critical flaws discovered in widely used embedded OS

August 03, 2010

Two critical vulnerabilities have been discovered in an embedded operating system used in 500 million devices.
 

Microsoft repairs shortcut flaw leading to SCADA malware

August 02, 2010

Microsoft on Monday released an emergency fix for a Windows vulnerability that is being exploited to launch attacks against industrial control systems.
 

Safari update fixes auto-fill flaw ahead of Black Hat talk

July 28, 2010

Apple on Wednesday issued updates for its Safari 4 and 5 web browser to fix 15 vulnerabilities, some of which could lead to arbitrary code execution or information disclosure. Safari 5.0.1 and 4.1.1 fix an issue with the browser's auto-fill feature, which is used to automatically fill out web forms using information in a user's computer or address book. The flaw could allow a maliciously crafted website to trigger auto-fill without user interaction, potentially leading to information disclosure. The patch comes one day before Jeremiah Grossman, founder and CTO of WhiteHat Security, is set to present about the vulnerability at the Black Hat conference in Las Vegas. The Safari updates also fix several flaws in WebKit, an open-source application framework. - AM
 

Microsoft announces "coordinated" plan for bug reporting

July 22, 2010

Microsoft on Thursday unveiled a new initiative that attempts to reframe the debate around vulnerability disclosure.
 

Google: Plug critical holes within 60 days across industry

July 21, 2010

Fresh off the controversy of one of its researchers publicly dropping a Microsoft zero-day vulnerability, Google now is hoping to lead the development of industry-accepted standards for vulnerability disclosure.
 

Oracle's quarterly update resolves 59 vulnerabilities

July 14, 2010

Oracle's quarterly security update released Tuesday includes fixes for the popular Database Server and Solaris operating system products.
 

Microsoft fixes Ormandy zero-day, four other bugs

July 13, 2010

Microsoft on Tuesday pushed out four patches to address five vulnerabilities in Microsoft Windows and Office. It also marks the last security update for Windows 2000 and XP Service Pack 2.
 

Software flaws, delayed patching reign so far this year

July 12, 2010

2010 is on pace to become a record-setting year for software vulnerabilities, and third-party applications that are not properly patched are largely to blame, according to a new Secunia report.
 

Microsoft to fix Windows Help Center flaw, four others

July 08, 2010

Microsoft on Tuesday expects to close two zero-day vulnerabilities, including the widely covered Windows Help and Support Center flaw, which now is being widely exploited.
 

Adobe "Launch" flaw may not be fixed after all

July 02, 2010

A security researcher on Thursday said that he has discovered a way to bypass Adobe's Reader and Acrobat fix for a highly publicized flaw that takes advantage of a native PDF feature.
 

New versions of Reader, Acrobat close publicized flaws

June 29, 2010

Adobe's release Tuesday of updates to Reader and Acrobat includes fixes for a dangerous zero-day vulnerability and protection against exploiting the PDF specification's "/Launch" functionality.
 

Mac update plugs 28 flaws, does not include Flash 10.1

June 16, 2010

Apple has pushed out a Mac OS X update, its fourth of the year, to close more than two dozen vulnerabilities.
 

Microsoft issues 10 patches as part of June update

June 08, 2010

Microsoft on Tuesday pushed out 10 patches to address a whopping 34 vulnerabilities as part of its June security update.
 

Adobe readies Flash fix for Thursday

June 08, 2010

Less than a week after it announced a zero-day vulnerability in Flash Player, Adobe plans to release a fix.
 

SharePoint, IE part of Microsoft patch plans

June 03, 2010

After a quiet May update, Microsoft is planning 10 patches next week, including fixes for zero-day issues in SharePoint and Internet Explorer.
 

Microsoft pushes fixes for two bugs in light Patch Tuesday

May 11, 2010

Microsoft distributed two patches on Tuesday for issues in Windows and Office, but customers must wait until at least next month for a SharePoint security fix.
 

Microsoft plans two patches, no SharePoint fix

May 06, 2010

Microsoft is planning a light patch load for next week, the software giant announced Thursday. Due to timing, the company was unable to produce a fix for a recently disclosed SharePoint vulnerability.
 

Two severe bugs silently fixed in recent Microsoft update

May 06, 2010

A recent Microsoft security patch silently fixed two severe vulnerabilities that were not disclosed, leading to criticism that the software giant downplayed the severity of the patch.
 

Microsoft revokes recent security bulletin for critical flaw

April 23, 2010

Microsoft may issue an out-of-band patch next week after revoking a security update issued on April 13 that did not fix a critical vulnerability.
 

Oracle issues critical patch update for 47 flaws

April 14, 2010

Oracle on Tuesday issued a critical patch update to correct 47 vulnerabilities across several of its portfolios, including the newly acquired Sun product line.
 

Microsoft patches 25 flaws with 11 patches, five critical

April 13, 2010

Microsoft on Tuesday released 11 patches to address 25 vulnerabilities, including two zero-day vulnerabilities. But the company rated three other fixes as top priorities for security administrators.