Patch | SC Media

Patch

Flaw in Alaris medical devices exposes infusion pumps to possible sabotage

Medical tech company Becton, Dickinson and Company (BD) has advised users of its Alaris Gateway Workstation – a smart connectivity and integration solution for infusion pump devices – to update their firmware, following the discovery of a highly critical remote code execution vulnerability. CyberMDX researcher Elad Luz found that multiple versions of the workstation –…

Vim and Neovim developers fix RCE flaw caused by failed sandbox check

Text editor programs Vim and Neovim both received security updates late last month after they were found to contain a remote code execution vulnerability. Designated CVE-2019-12735, the flaw was discovered by security researcher Armin Razmjou and assigned an 8.6 HIGH CVSS base score. According to an analysis of the vulnerability that was published last week,…

Microsoft patches 22 critical flaws, four zero days on June Patch Tuesday

Microsoft’s June Patch Tuesday release covered 88 CVEs, including 22 rated as critical and four that covered previously announced zero-day vulnerabilities. The zero-day issues, all of which are elevation of privilege issues, were tagged as top priority patches of the month by several cybersecurity executives, although the good news is none of the zero days, or other…

Adobe Patch Tuesday: Critical issues across Flash Player, ColdFusion and Campaign

Adobe’s June Patch Tuesday included patches for critical-rated arbitrary code execution flaws in Flash Player, ColdFusion and Campaign. The Flash Player vulnerability, CVE-2019-7845, affects Windows, macOS, Linux and Chrome OS and, if exploited, could lead to arbitrary code execution in the context of the current user. The issue can be fixed by updating to the latest version…

Cisco updates include fixes for ‘high’ rated RCE, DoS flaws

Cisco released security updates to address vulnerabilities in multiple Cisco products, including flaws that a remote attacker could exploit to take control of an affected system. The updates included fixes for a remote code execution (RCE) flaw, a series denial of service (DoS) vulnerability, an information disclosure vulnerability and several cross-site scripting (XSS) vulnerabilities,…

500,000 email servers running vulnerable Exim software

Qualys researchers went public with a remote command execution vulnerability (CVE-2019-10149) in the Exim mail server versions 4.87 to 4.91 possibly affecting more than half of all email servers now in use. The vulnerability allows a local, or in some cases, a remote attacker to execv as root, with no memory corruption or return-oriented programming…

NSA urges admins to patch BlueKeep vulnerability

The National Security Agency (NSA) has added its weight to Microsoft’s by heavily recommending that Windows administrators update their systems to protect against the CVE-2019-0708 “BlueKeep” vulnerability. Microsoft issued a patch for CVE-2019-0708 in May, but it’s estimated there are almost one million devices that have not been issued the update and remain vulnerable. The…

Apple patches AirPort Base Station Firmware

Apple released several patches to address several vulnerabilities in its 7.9.1 update concerning its AirPort Base Station Firmware. The update is available for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The vulnerabilities that could allow a remote attacker to leak memory, cause a denial of service, cause arbitrary code execution, not delete…

Despite patch, nearly 1M devices still vulnerable to ‘BlueKeep’ RCE flaw

Almost 1 million internet-connected devices remain vulnerable to the critical “BlueKeep” remote code execution bug that was recently found in Microsoft’s Remote Desktop Services, despite security fixes that were issued as part of May’s Patch Tuesday earlier this month. Officially designated CVE-2019-0708, the BlueKeep vulnerability could potentially allow unauthenticated attackers to install programs, view or…
