Patch Management

Patch Management

Exploit for critical Windows flaw allows access to admin rights

A Windows vulnerability recently patched by Microsoft, registering a CVSS score of 10, could allow attackers instant access to Active Directory. The vulnerability (CVE-2020-1472) subverts Netlogon cryptography, providing a gateway to an enterprise’s internal network for an intruder to gain Domain Admin status with one click, according to a Secura blog post. “This flaw allows…

What’s really changed three years after Equifax breach?

Are organizations better off today than they were three years ago when a devastating breach at Equifax exposed sensitive customer data and poor security practices in equal measure? The consensus among experts is that companies still have a ways to go. “Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon…

Adobe releases update to patch critical flaws that could leave networks, data vulnerable

Adobe Tuesday released critical security updates for Adobe InDesign, Framemaker and Experience Manager, addressing multiple vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned.   “While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which…

Microsoft fixes 129 flaws, 23 critical, in massive Patch Tuesday

In a Patch Tuesday to rival June’s security update,  Microsoft fixed 129 new software vulnerabilities, including 23 critical flaws, impacting multiple platforms, including the Windows Graphic Device Interfaces (GDI), Microsoft SharePoint and Microsoft Exchange Server. Justin Knapp, Automox product marketing manager, attributed the patch laundry list to a remote workforce not going back to offices en masse…

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

Linux

‘Boothole’ threatens billions of Linux, Windows devices

A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could unleash attacks that could gain total control of billions of Linux and Windows devices. Security firm Eclypsium researchers released details today about how the flaw can take over nearly any device’s boot process. The majority of laptops, desktops, servers,…

Hackers could exploit iDRAC flaw to control EMC PowerEdge servers

Dell issued a patch for a path traversal vulnerability found in the Integrated Dell Remote Access Controller (iDRAC) that could allow criminals to obtain full control of server operations. The vulnerability scored a CVSS rating of 7.1. iDRAC was designed for secure local and remote server management to help IT administrators deploy, update and monitor…

Critical SAP flaw puts 40,000 users at risk

More than 40,000 SAP users of an estimated 2,500 internet facing systems should move quickly to patch a Remotely Exploitable Code On NetWeaver (RECON) vulnerability that scored a 10 out of 10 on the bug-severity CVSS scale and which could give an attacker full enterprise control. Noting that “this is the second major Java-based 0-day in…

Citrix, Juniper and VMware patch array of vulnerabilities

Citrix, Juniper and VMware issued a bevy of patches this week. For starters, the Citrix Security Bulletin CTX276688 addressed vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. According to CISA, a remote attacker could exploit some of these vulnerabilities to take control…

Next post in Security News