Patch | SC Media

Patch

Cisco fixes critical Aironet Access Points flaw, addresses 29 more bugs

Cisco today released 28 security advisories, in the process addressing a total of 30 vulnerabilities, including a critical unauthorized access bug found in the company’s Cisco Aironet Access Points (APs) software. Officially designated CVE-2019-15260, the flaw potentially can be exploited to view sensitive information, interfere with configuration options and disable the AP, in order to create…

VMware advisory warns users to patch critical issue in product

VMware patches critical bug in Harbor Container Registry for PCF

VMware yesterday issued a security advisory acknowledging a critical “broken access control” vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF). According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to “create a robot account inside of an adjacent…

Oracle addresses vulnerabilities with 154 security fixes

Oracle patches 218 security vulnerabilities

Oracle issued more than 200 security patches across a wide swath of its product line with Fusion Middleware, Java SE and MySQL receiving the majority of the fixes. Overall 218 fixes were issued in the October update. This is the fourth security update issued by Oracle in 2019 with the next scheduled for January 2020.…

WordPress patches 6 bugs

WordPress rolled out version 5.2.4 patching six vulnerabilities as a short-term fix prior to the release of version 5.3. WordPress version 5.2.3 and earlier are affected by these bugs. The problems covered included an issue where stored XSS could be added via the Customizer, a method of viewing unauthenticated posts, a way to create a…

BitPaymer ransomware attackers exploit Apple flaw to bypass detection

Apple has patched a vulnerability in iCloud for Windows and iTunes for Windows that malicious actors had been exploiting to evade antivirus and endpoint detection and response systems as they attempted to infect machines with ransomware. Specifically, the zero-day flaw was discovered in Bonjour – a mechanism for delivering future updates and also for helping…

applePatch

Apple update takes a bite of iCloud, iTunes and macOS bugs

Apple yesterday released a series of software updates that repaired vulnerabilities in iCloud for Windows 7.14 and 10.7, iTunes 12.10.1 for Windows and macOS Catalina 10.15. The two iCloud updates fixed eight flaws in total, including an arbitrary code execution flaw in UI Foundation and five more in the WebKit browser engine, as well as two universal cross-site…

Cisco’s latest round of updates address bugs in security products

Cisco Systems on Wednesday issued a series of security updates, in the process disclosing 29 vulnerabilities, including 16 high-impact ones. Among the most serious issues are a series of bugs found in various security-related products, including Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, Firepower Management Center and FXOS Software. Certain of these vulnerabilities allow for…

Microsoft revises and re-releases patch for exploited Internet Explorer bug

Microsoft Corp. yesterday re-released a security update for CVE-2019-1367, a critical remote execution bug in Internet Explorer that has been actively exploited. The new release expands upon the previous emergency out-of-band update, which took place Sept. 23. According to reports, the company’s earlier effort to distribute a patch was only available on a limited basis…

Multiple zero-day vulnerabilities found medical IoT devices: CISA

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning of vulnerabilities in several medical IoT devices that could lead to remote code execution. Advisory ICSA-19-274-01, which has a CVSS rating or 9.8, covers the following pieces of equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, Zebos by IP Infusion, and…

Next post in Vulnerabilities