Patch News, Articles and Updates

Acronis True Image develops patch, after utility software fails to update securely

The disk back-up utility software Acronis True Image is susceptible to arbitrary code execution attacks because it does not perform update operations securely, according to a new vulnerability advisory published on Monday.

Stack Clash exploits spotted in Linux, OpenBSD, NetBSD, FreeBSD and Solaris

Researchers spotted a Stack Clash vulnerability in several operating systems which can be used to corrupt memory and execute arbitrary code.

Samsung left millions at risk by not renewing domain, patches Magician

Samsung Magician recently patched a flaw which could allow an attacker to execute arbitrary code, but a separate flaw may have left millions at risk, all because of an unrenewed domain.

Security updates announced for Mozilla Thunderbird, Google Chrome, ISC's BIND

The US-CERT on Thursday announced security updates to Mozilla Thunderbird, Google Chrome and the Internet Systems Consortium's BIND Domain Name System software.

Wimax routers found to contain backdoors allowing authentication bypass

Old Wimax routers have been found to contain backdoors that could enable hackers to bypass authentication, researchers have now disclosed, aiding their use for DDoS attacks.

Another Twitter account takeover flaw spotted

Once again an independent researcher found a way to take control of Twitter accounts to tweet and upload media.

Google Chrome patches 30 vulnerabilities

Google Chrome released a Stable Channel Update for Windows, Mac, and Linux.

Outdated Flash exposing enterprises to unnecessary risk, report

Researchers spotted a large number of enterprises exposing themselves to unnecessary risk by running outdated software and systems.

Twitter flaw would have let users post tweets to any account

A researcher going by the moniker Kedrisch spotted a Twitter vulnerability which would've allowed a user to post tweets from any user's account.

WannaCry patches mistakenly knock Aussie hospitals offline

In a case of no good deed goes unpunished, five Australian hospitals accidentally locked out staff access to the computer systems after installing patches designed to protect them from WannaCry ransomware.

Joomla 3.7.1 patches critical SQL injection flaw

Sucuri researchers spotted a critical SQL injection vulnerability in Joomla! 3.7.0 which could easily be exploited.

Apple releases iOS 10.3.2 patches, macOS updates

Apple released a host of security patches, including iOS 10.3.2, which contains nearly two dozen security fixes.

40 Asus routers affected by five vulnerabilities

Researchers at Nightwatch Cybersecurity spotted nearly 40 Asus RT routers with five vulnerabilities.

Yahoo! bug bounty hits $2 million payout mark

Yahoo's three-year-old bug bounty program has paid out more than $2 million to bug hunters with the most recent important find taking place in April when a vulnerability in Flickr was revealed.

Cisco patches Vault 7 vulnerability

Cisco patched a critical vulnerability, one that was disclosed in the Vault 7 hacking tools leak, that left dozens of the company's switches open to being compromised.

Microsoft Patch Tuesday: 57 vulnerabilities addressed

Microsoft followed up its out-of-band patch announcement on May 8 for its Microsoft Malware Protection Engine with its usual Patch Tuesday offering, which this month contained 57 vulnerabilities, including zero-day issues.

Adobe Patch Tuesday: Flash Player receives updates for seven critical flaws

Adobe addressed seven critical flaws for Flash Player along with a single issue with Adobe Experience Manager that is rated as an important issue to be resolved.

Intel posts security bulletins, Cisco examines PowerISO flaw

Intel issued a critical firmware update that impacts several of its product families, and Cisco Talos dug into a pair of vulnerabilities impacting Power Software's PowerISO disk-management software.

Intel AMT chip bug suspected backdoor, but likely coding error

Some researchers accused the vulnerability of being a backdoor; others are less skeptical.

Joomla! patches XSS vulnerabilities

Joomla! recently patched two cross-site scripting vulnerabilities that, if left unrepaired, could give a malicious actor higher permissions, possibly allowing the targeted site to be taken over.

Rep. Lieu calls for SS7 vulnerability to be patched

A U.S. congressman is again calling for the FCC and telecom industry to fix a security flaw in the Signalling System No. 7 (SS7) that is allowing hackers to bypass two-factor authentication and wipe out bank accounts.

Google issues May Android security bulletin

Google has released its May security updates for Android including a laundry list of critically rated issues along with updates for its Nexus and Pixel smartphones.

UPDATE: Intel warns of longstanding critical vulnerability in firmware

Intel issued an advisory on Monday warning of a critical escalation of privilege vulnerability in its firmware that can enable attackers to seize control of its products' manageability features.

IrfanView plug-in updated to fix arbitrary code execution flaw

The jpeg2000 (JP2) plug-in for the Windows-based image viewing and editing application IrfanView has been updated to address a vulnerability that can lead to arbitrary code execution, Cisco's Talos division has reported.

Microsoft bug linked to spy campaigns, bank thefts reportedly took 6 months to fix

A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.

Hot & Cold: Adobe applies hotfixes to ColdFusion to help prevent XSS exploit

Adobe Systems on Tuesday issued a series of hotfixes that addresses an input validation flaw in multiple versions of its ColdFusion web application development platform.

Researcher pwns Charles Darwin to demonstrate Microsoft Edge exploit

Even Charles Darwin couldn't protect his Twitter account from being hijacked after a researcher stole his cookies and passwords by exploiting a reported universal cross-site scripting vulnerability in the Microsoft Edge browser.