Patch/Configuration Management news, articles & updates | SC Media

Patch/Configuration Management

What’s really changed three years after Equifax breach?

Are organizations better off today than they were three years ago when a devastating breach at Equifax exposed sensitive customer data and poor security practices in equal measure? The consensus among experts is that companies still have a ways to go. “Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon…

Adobe releases update to patch critical flaws that could leave networks, data vulnerable

Adobe Tuesday released critical security updates for Adobe InDesign, Framemaker and Experience Manager, addressing multiple vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned. “While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which…

Microsoft fixes 129 flaws, 23 critical, in massive Patch Tuesday

In a Patch Tuesday to rival June’s security update, Microsoft fixed 129 new software vulnerabilities, including 23 critical flaws, impacting multiple platforms, including the Windows Graphic Device Interfaces (GDI), Microsoft SharePoint and Microsoft Exchange Server. Justin Knapp, Automox product marketing manager, attributed the patch laundry list to a remote workforce not going back to offices en masse…

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

Linux

‘Boothole’ threatens billions of Linux, Windows devices

A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could unleash attacks that could gain total control of billions of Linux and Windows devices. Security firm Eclypsium researchers released details today about how the flaw can take over nearly any device’s boot process. The majority of laptops, desktops, servers,…

Microsoft issues two out-of-band patches for RCE flaws, one critical

In a pair of out-of-band updates, Microsoft patched RCE vulnerabilities, one rated critical, the other important. Microsoft said the two vulnerabilities, CVE-2020-1425 (critical) and CVE-2020-1457 (important), fixed prior to the company’s monthly Patch Tuesday updates, are not likely to be exploited. “To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image…

Triangle of network security management requires formalized process, Rodrigue says

Why do we care about cyber hygiene? For starters, security pros want to ensure operating effectiveness of basic controls and put in a system of checks and balances between processes. Companies also want to offer a foundation for more advanced technical security mechanisms, whose effectiveness becomes limited otherwise. They also want to detect blind spots…

Adobe Patch Tuesday tackles Reader, Acrobat flaws

Adobe’s eight Patch Tuesday updates addressed a multitude of flaws – including 76 in Acrobat and Acrobat Reader that were rated important as well as several in Creative Cloud and Experience Manager rated critical. Successful exploitation of the Acrobat and Acrobat Reader vulnerabilities “could lead to arbitrary code execution in the context of the current…

Adobe’s July Patch Tuesday includes Bridge CC, Experience Manager, Dreamweaver fixes

Adobe’s July 2019 Patch Tuesday included updates for its Adobe Bridge CC, Adobe Experience Manager and Adobe Dreamweaver products. The updates for Experience Manager patched three vulnerabilities, while Bridge and Dreamweaver updates each have one, none of which are labeled as “critical,” and the highest rated vulnerability for each software is rated “important,” according…
