Patch News, Articles and Updates

Flaws in web-based radiological solution could allow attackers to see right through database

A web-based reporting tool that tracks radiation doses delivered by X-ray machines and related devices contains vulnerabilities that could impact patient confidentiality, system integrity, or system availability, Dutch tech company Philips reported.

Top 10 Security Challenges for 2017

The first half of 2017 has not exactly been a ride in the park for cybersecurity professionals.

Patched bug in software configuration management tools can lead to malicious command execution

A vulnerability discovered in a series of revision control tools for software developers, including GitLab, Mercurial, and Apache Subversion, can be exploited to launch malicious command executions, according to the researcher who discovered it.

Mozilla Firefox patches 29 vulnerabilities

Mozilla Foundation released 29 CVE patches to Firefox 55 including five crucial vulnerabilities.

Microsoft Patch Tuesday addresses nearly 50 flaws

Microsoft had a busy month patching flaws, with nearly 50 security issues fixed, many of which have a severity rating of "critical" or "important."

Adobe Patch Tuesday addresses Flash bypass and code execution flaws

Adobe's Patch Tuesday this month covered 81 vulnerabilities including both a critical and important patch affecting Flash.

ICS-CERT alert issued for multiple Siemens medical vulnerabilities

The alert warns users of four vulnerabilities in the Siemens CT, PET, and SPECT scanners and workflow systems based on Windows 7.

Google patches BroadPwn bug in Chrome OS

Google has released a security update for its Chrome operating system in order to address the critical BroadPwn security bug that can be exploited to remotely control devices.

Hackers will weaponize AI, survey says

Of 100 infosecurity professionals surveyed, 34 percent fingered Russia as the biggest threat to cybersecurity in the U.S., followed closely by organized crime at 33 percent, according to a Cylance blog post.

Researchers hack Tesla firmware again, this time in Model X

Keen Security Lab researchers spotted another set of critical vulnerabilities in a Tesla, this time on the Model X.

Microsoft patches memory corruption and information disclosure vulnerabilities

Microsoft patched a memory corruption vulnerability and an information disclosure vulnerability in Microsoft Office Outlook.

Killing video game characters enables remote code execution in Valve games

Video game developer Valve Corporation recently created a patch to fix a buffer overflow vulnerability in its Source SDK library that can allow for remote code execution on client and server devices.

Devil's Ivy bug patched after found in toolkit potentially used by millions of IoT devices

Researchers investigating a vulnerability in security cameras from Axis Communications ended up uncovering a far more wide-ranging threat when they discovered the flaw actually lies within a toolkit used by myriad IoT product developers.

Oracle patches 308 bugs, including high-risk arbitrary download flaw in E-Business Suite

Oracle has issued a critical patch update for July 2017, fixing 308 vulnerabilities across its product line.

Cisco patches critical remote code execution flaw in WebEx browser extensions

Cisco on Monday released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.

Thousands of hosts still vulnerable to EternalBlue after WannaCry attacks

Just two weeks after the EternalBlue exploit was used in the WannaCry ransomware attack, researchers found that 60,000 hosts are still vulnerable.

Uber patches authentication bypass flaw

Uber recently patched an authentication bypass vulnerability on its custom single sign-on solution.

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

Microsoft Patch Tuesday, 19 critical vulnerabilities addressed

Microsoft's July Patch Tuesday news covered 55 flaws, 19 of them rated critical, with all of the latter leading to remote code execution if left unpatched.

Patch Tuesday: Adobe addresses three Flash Player vulnerabilities

Adobe issued a light Patch Tuesday bulletin today covering three vulnerabilities in Flash Player and three in Adobe Connect for Windows.

Google patches 138 vulnerabilities in Android, Nexus, Pixel

Google this week released its July 2017 security bulletin for the Android operating system and Nexus and Pixel devices, making patching available for all 138 vulnerabilities.

Cisco fixes seven bugs, including three critical vulnerabilities

Cisco on Thursday released security updates to fix multiple vulnerabilities - three critical in severity - in its Elastic Services Controller, Ultra Services Framework and Staging Server, and StarOS CLI products.

Microsoft issues patch for Azure AD Connect fixing critical flaw

Microsoft has issued an update for Azure Active Directory (AD) Connect fixing a flaw that could lead to an elevation of privilege.

After the WannaCry ransomware campaign, why aren't people patching?

A massive ransomware campaign attacked countless endpoints for the second time in just over a month, exploiting a vulnerability that had been patched months earlier. SC asks, why does this keep happening?

NotPetya: Researchers find 'kill switch', then clash over naming

Researchers claim to have found a 'killswitch' for NotPetya, but there seems to be disagreement over what to call it.

NotPetya: Snowden takes shots at NSA, Shadowbrokers lick lips

Both Edward Snowden and the Shadowbrokers have used the NotPetya attacks to provide their unique perspective on the situation.

Microsoft Windows Defender flaw found and fixed

Microsoft has issued an advisory and patched a remote code execution vulnerability in its Microsoft Malware Protection Engine after the flaw was spotted by a Google Project Zero bug hunter.

Cisco fixes multiple product bugs to prevent malicious code execution, DoS conditions

Cisco has patched vulnerabilities in its Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM), Virtualized Packet Core - Distributed Instance (VPC-DI), and WebEx Network Recording Player products.

Acronis True Image develops patch, after utility software fails to update securely

The disk back-up utility software Acronis True Image is susceptible to arbitrary code execution attacks because it does not perform update operations securely, according to a new vulnerability advisory published on Monday.