Patches News, Articles and Updates
Comodo default configuration installs a VNC server using an insecure default password.
Adobe on Tuesday released a security update for Shockwave Player that addresses a critical memory corruption vulnerability.
Adobe's Flash Player and AIR updates fix 35 bugs, the majority of which could lead to code execution.
The March 31 release of Firefox 37 introduced the opportunistic encryption feature to the browser, by April 3 it had been disabled.
The use-after-free vulnerability was being exploited in drive-by-download attacks, Adobe warned.
One bulletin is deemed critical and addresses 37 vulnerabilities in Internet Explorer that enable remote code execution.
The sole critical patch this month will address remote code execution issues in Internet Explorer.
Mozilla enabled public key pinning support in Firefox 32 primarily as a way to defend against man-in-the-middle attacks.
The MS14-045 update caused some users' systems to crash, and in response, Microsoft pulled the update.
The vulnerability comes into play when Instagram users search for Facebook friends to "follow."
On Tuesday, Adobe released fixes for seven critical bugs in its Flash Player plug-in.
The tech giant's monthly security update includes two critical patches for IE and Windows.
Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.
In total, Firefox 31 brings 11 patches for several flaws affecting the web browser.
An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.
Oracle, the maker of the popular Java plug-in, recently confirmed the details.
The most critical flaws were in Java and Oracle Database Server.
Adobe's patches address three vulnerabilities, including a critical bug in Flash Player that could be exploited to steal sensitive information.
In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.
Remote code execution (RCE) flaws in Windows and IE will receive top priority this month.
Apple addressed various vulnerabilities in Mavericks, Safari, iOS and Apple TV, several of which can enable arbitrary code execution.
The serious buffer overflow vulnerability affects Android 4.3, or devices running Jelly Bean.
A vulnerability exists that allows anyone with legitimate account credentials to bypass two-factor authentication on some of PayPal's mobile applications.
A patch was issued for CVE-2012-0158 in April 2012, but Trend Micro found that it is the most commonly exploited vulnerability related to targeted attacks in the second half of 2013.
Microsoft issued an update to its Malware Protection Engine in order to fix a vulnerability that could enable a denial-of-service.
A cumulative security update for Internet Explorer, addressing 59 bugs, was pegged as the top priority patch in the bunch.
Adobe is urging users running Windows and Macintosh operating systems to download the critical Flash Player update.
The critical patches will remediate remote code execute (RCE) bugs in Windows, IE, Office and Microsoft Lync.
Seven vulnerabilities were addressed in a Thursday OpenSSL update, but experts do not believe that any are as threatening as the Heartbleed bug.
SC Magazine Articles
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Report: Ransomware feeds off poor endpoint security
- Organizations need formal vendor risk management programs, study
- State Dept. criticized for poor records management, Clinton broke rules, IG report says
- APWG report: Phishing surges by 250 percent in Q1 2016
- Apple rehires crypto legend Jon Callas
- China's quantum communications satellite to improve data security, thwart hackers
- 34% of Brits willing to sacrifice their online safety for weight loss