Patch Management

Patch Management

DHS reduces deadline for agencies to fix vulnerabilities in their systems

The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a directive that now gives federal agencies a 15-day deadline to remediate critical-level vulnerabilities that are detected on their internet-accessible systems by CISA’s Cyber Hygiene scanning service. Binding Operational Directive 19-02 supersedes BOD 15-01, which when enacted in 2015 gave…

Cisco patches 29 vulnerabilities including one being actively exploited in Sea Turtle campaign

Cisco latest round of security updates addresses 29 vulnerabilities in multiple Cisco products that could allow a remote attacker to take control of an affected system and one of which is being actively exploited in Sea Turtle campaign. Admins in charge of Cisco ASR 9000 Series Aggregation Services Routers have been instructed to urgently address…

Drupal software update patches highly critical RCE bug

The developers of Drupal this week issued a security advisory urging users to update their software following the discovery of a highly critical remote code execution vulnerability in their open-source content management framework. “Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases,” the…

Flaw in runC could allow malicious containers to infect host environment

A vulnerability discovered in the runC container management tool has exposed multiple privileged container systems to a potential exploit through which attackers could allow malware to escape a container and compromise an entire host system. Designated CVE-2019-5736, the flaw allows attackers to use a malicious container to overwrite the host runC binary during the execution…

Attackers scanning unpatched Cisco small business routers after exploit code published

Cisco Systems last week issued security advisories for two dozen vulnerabilities, including two high-severity flaws in its Small Business RV320 and RV325 dual gigabit WAN VPN routers, which attackers are reportedly already trying to exploit with published proof-of-concept code. Device owners are advised to immediately download Cisco’s patches for the two exploited flaws, both of…

Fixed Fortnite flaws could have enabled account takeovers

A series of vulnerabilities in the hugely popular online survival game Fortnite could have allowed malicious actors to take over players’ accounts, prompting developer Epic Games to fix the issues before a major incident transpired, according to researchers who discovered the program. Had the flaws been exploited, attackers could have victimized gamers by viewing their…

Researchers develop proof-of-concept malware for attacking Building Automation Systems

Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…

Microsoft updates brick Windows 7 devices

Microsoft Corp. this Tuesday released two software updates that reportedly rendered some Windows 7-based machines useless by mistake. The problem springs from the implementation of Microsoft’s Jan. 8, 2019, security-only update KB4480960 or Monthly Rollup update KB4480970, in combination with older update KB971033, whose previous iteration dates back to April 2018. The two more recent updates introduced…

Adobe tackles two critical bugs in Acrobat and Reader update

Adobe Systems today released an unscheduled security update for Acrobat and Reader for both the Windows and MacOS operating systems, fixing two critical vulnerabilities in the process. The San Jose, Calif.-based software company identified the issues as a use-after-free bug that can result in arbitrary code execution (CVE-2018-16011) and a security bypass flaw that can lead…

Cisco patches privilege escalation flaw in Adaptive Securty Appliance software

Cisco Systems this week issued an update for its Adaptive Security Appliance (ASA) software, fixing a high-severity vulnerability that could allow authenticated attackers with low-level access to remotely escalate their privileges on Cisco devices with web management access enabled. Designated CVE-2018-15465, the flaw is the result of an improper validation process while using the web management interface.…

Next post in Security News