Patch News, Articles and Updates

APT28 joins BlackOasis in exploiting latest Adobe Flash vulnerability

APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.

Cisco remedies critical unauthorized access bug in Cloud Services Platform

Cisco on Wednesday issued a security update to repair a critical unauthorized access vulnerability in its Cloud Services Platform (CSP) 2100.

Oracle patches 252 bugs, as researchers note increase in E-Business Suite and PeopleSoft flaws

Oracle Corporation released its quarterly Critical Patch Update on Tuesday, issuing fixes for 252 vulnerabilities, including extremely severe bugs found in the company's Hospitality Applications, Siebel CRM solution, and PeopleSoft HR software.

Mozilla patches three critical issues in Thunderbird and Firefox

Mozilla issued a security update stating that the newly released Thunderbird 52.4, Firefox 56 and Firefox ESR 52.4 patch 10 vulnerabilities, two rated critical, five high and three moderate, found in earlier iterations of the software.

Adobe Patch Tuesday: Nothing

In what Adobe believes may be a first, the company did not issue any security updates for its product line this month.

Google patches 7 flaws in Dnsmasq

Google reported it has discovered and issued patches for seven vulnerabilities in the DNS software package Dnsmasq, several of which could lead to remote code execution or leave the device open to a denial-of-service attack if exploited.

Following Equifax breach, FBI issues flash alert for Apache Struts flaws

The FBI issued a flash alert warning people to patch the Apache Struts vulnerabilities, saying they enabled an unnamed corporate breach.

Critical zero-days found in three popular WordPress plugins

Critical zero-day vulnerabilities in three popular WordPress plugins could allow attackers to completely take over a vulnerable site.

Equifax twice missed finding Apache Struts vulnerability allowing breach to happen

Former Equifax CEO and Chairman Richard Smith sat before a House committee today, where he was taken to task for his actions during the period when his company exposed the personal information of 145.5 million people.

4G vulnerabilities put mobile users and even Smart Cities at risk, study

Despite keeping us connected and even providing a bump in security over their predecessor, 4G networks are still plagued with weaknesses.

Cisco patches remote code execution flaws in IOS and IOS XE

Cisco released a series of updates to address vulnerabilities affecting its IOS and IOS XE products, one of which could have allowed remote code execution in both products.

Apple's iOS 11 release prevents backdoor exploit on Wi-Fi chips

Apple's release of iOS 11 patched an out-of-bounds write vulnerability in Wi-Fi chips that, if exploited, could have allowed attackers within range to execute arbitrary code on the firmware.

Cleartext passwords, and worse, found among top 21 financial trading apps

IOActive Senior Security Consultant Alejandro Hernández analyzed 21 of the most used and well-known mobile trading apps.

Apple exterminates bugs in iCloud for Windows, macOS High Sierra, macOS Server

Apple on Monday issued security updates for its iCloud for Windows, macOS High Sierra operating system, and macOS Server products, fixing 67 vulnerabilities.

Oracle patches 7 Apache Struts 2 vulnerabilities

Oracle issued seven security updates to handle vulnerabilities found in Apache Struts 2.

Cisco mends high-severity bugs across three product lines

Cisco Systems on Wednesday issued updates for three separate product lines, in each case rectifying a high-severity vulnerability that could allow remote attackers to either elevate privileges or trigger a denial-of-service condition.

Newest Joomla! release eliminates information disclosure flaws

The Joomla! Project this week released version 3.8 of its content management system, which fixes two information disclosure vulnerabilities.

Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure

The recently disclosed collection of "BlueBorne" vulnerabilities that were found to affect at least 5.3 billion Bluetooth-enabled devices has revealed several inconvenient truths about the short-range communications protocol, experts say.

Microsoft Patch Tuesday: 21 critical updates listed, one zero day fixed

Microsoft's September Patch Tuesday security updates patch a zero-day flaw found in the wild and used to target Russian-language speakers, and detail the BlueBorne vulnerability that could impact five billion Bluetooth devices.

Adobe Patch Tuesday: Flash Player with two critical updates

Adobe issued a light load of Patch Tuesday security updates today, releasing only eight, five of them critical, with two of these affecting Flash Player.

Samsung announces bug bounty for devices and services

Samsung is joining the ranks of Apple and other competitors and looking to boost the security of its platforms with the launch of its own bug bounty program.

Microsoft won't patch Edge bypass vulnerability

Microsoft will not patch a security bypass vulnerability in Edge that could allow the disclosure of confidential information.

Attackers actively exploiting Apache Struts remote code execution bug

Almost immediately following the disclosure of a critical Apache Struts bug last Tuesday, exploit code for the vulnerability was published online and attackers reportedly began exploiting the flaw.

Google releases Stable Channel Update for Chrome

Google released a Stable Channel Update for Chrome desktop, which included 22 security patches, six of them for high-rated bugs.

Abbott Laboratories securing vulnerable pacemakers with firmware and software updates

Healthcare product manufacturer Abbott Laboratories is updating the firmware and software in its line of implantable pacemakers to shore up a security vulnerability that could lead to unauthorized access.