The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.
April 04, 2013
The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.
The release patches 13 vulnerabilities, five of which are deemed "critical."
The security company is urging customers to upgrade to the latest version of the appliance, which is not susceptible to the vulnerabilities reported Wednesday by researchers at SEC Consult.
April 01, 2013
April's "threat of the month" is a set of Universal Plug and Play (UPnP) vulnerabilities, which allow attackers to execute arbitrary code.
Prioritization is a key part of the patching strategy of any customer, says SC Magazine's Dan Kaplan.
Of the companies polled in a recent survey, eight in 10 indicated that they experienced web attacks in 2012.
Owing to outdated browsers, an attack aimed at older Java vulnerabilities can be just as successful for miscreants as one targeting new vulnerabilities, according to new research.
Honeypots installed by researchers at security firm Trend Micro provided bait for 39 attacks on simulated ICS environments over the course of a month.
March 15, 2013
The security update patched 21 vulnerabilities and a Java Web Start bug that could allow apps to be launched automatically.
The new offering shows that, as cyber criminals become more sophisticated, they'll need more options to secure their infrastructure.
The vulnerability allows anyone with "casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds" to plug in a USB device and become an administrator, according to Microsoft.
In this video shot at RSA Conference 2013 in San Francisco, Illena Armstrong, VP of editorial at SC Magazine, sits with Courtot to discuss some of the big problems facing CISOs today, as well as his thoughts on this year's big conference.
Researchers also found that the median number of vulnerabilities per application was 13.
They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.
March 07, 2013
Despite the best efforts by browser and operating system manufacturers to shore up their offerings, exploit hunters are still finding success at attacking the world's best-known platforms - especially when there is a large chunk of change on the line.
Researchers believe the stolen private key belonged to an unwitting Texas consulting company.
The company apparently was able to distribute a fix so quickly because it actually learned of this vulnerability on Feb. 1, but wasn't able to include a patch in the Feb. 19 update to Java.
The move follows two instances in the past few weeks when Adobe unexpectedly issued a Flash Player update to close vulnerabilities under active attack.
Just a few weeks after Oracle rushed a patch for the commonly exploited Java software, it is experiencing yet another meltdown.
Adobe this week released an update to its Flash Player to close three vulnerabilities, two of which are under active attack.
The consumer protection agency said vulnerabilities and the "insecure implementation" of diagnostic software propelled action against the American division of the mobile device maker for a number of security shortfalls.
Adobe on Wednesday made available a security update to its Reader and Acrobat software to close two vulnerabilities that are under active attack.
The passcode flaw affects iOS 6.1, allowing pranksters to bypass its security feature.
Exploits that are taking advantage of the vulnerabilities are able to evade Adobe's sandbox technology, which was implemented with the release of Reader and Acrobat X.
Adobe may be dealing with another zero-day vulnerability, this time appearing in the latest version of its PDF software, Reader.
One security bulletin fixes 13 flaws that could allow an attacker to remotely execute code in several versions of IE.
The software company has updated its ubiquitous Flash software because of two pressing zero-day vulnerabilities.
The software giant expects to release a dozen patches on Tuesday, but all eyes are on two bulletins that address security flaws in Internet Explorer.
February 01, 2013
PayPal's Andy Steingruebl knows security is not an insular task. By looking outside of its own walls, the company has taken the fight to the enemy, and helped everyone else in the process.