‘Microsoft conceals critical vulnerabilities’
Several security companies are dissatisfied with Microsoft's patch policy. The tech giant allegedly undermines and conceals serious vulnerabilities.
Most criticism comes from Orca Security and Tenable, two security researchers. Orca Security informed Microsoft of two serious Azure Synapse Analyt...
Netgear resolves inferior Orbi firmware update
In its latest update, Netgear has finally fixed deficient Orbi firmware that intercepts user access to the device's admin console.
On April 27th, Netgear, a networking hardware company, launched firmware update 18.104.22.168 for various models of the Orbi mesh Wi-Fi system, including RBR750, RBS75...
Apple patches older macOS version with much delay
The latest Apple news is a tricky affair involving security lapses with profound implications. From a write-up by Vice and a post from Google’s Threat Analysis Group, we know there's a privilege escalation bug in macOS Catalina used by a well-funded, likely state-backed hacker group to target visit...
HP installs vulnerable printer drivers on PCs for 16 years
SentinelOne recently uncovered a vulnerability in HP and Samsung printers. This is a so-called escalation of privilege vulnerability that originated in a poorly designed and improperly maintained printer driver. CVE-2021-3438, as the vulnerability is officially called, has received a CVSS score o...
Critical vulnerabilities patched in Dell driver software, update now
There have been critical security problems in Dell's driver software for the past 12 years. These vulnerabilities have now been found and fixed with a patch.
Although the problems have been in the software for a very long time, they were only recently discovered by SentinelLabs' researcher Kasi...
QNAP patches critical vulnerabilities that enabled ransomware attacks
QNAP has released multiple updates against vulnerabilities that were actively being exploited. The company recommends users install the updates immediately to protect against the Qlocker and eCh0raix ransomware.
Recently, a large number of QNAP NAS devices have fallen victim to the Qlocker and e...
Project Zero gives users 30 days to install patches
Google Project Zero has added a 30-day period to the 90-day period in which it releases details of zero-days. The initiative still gives companies 90 days to release patches, but users will then have 30 days to install them.
In a blog post, Project Zero says that the initiative is adjusting its ...
OpenSSL patches high-severity take-down vulnerability
OpenSSL, the most widely used software library for website and email encryption, has patched several high-severity flaws that make it easy for hackers to completely shut down a lot of servers at the same time.
OpenSSL offers users tested cryptographic functions that implement Transpor...
‘92 percent of Exchange servers have been patched’
Microsoft estimates that 92 percent of vulnerable Exchange servers have now received a patch. This suggests that the vast majority of IT administrators are taking the problems seriously.
The data comes from a tweet by Microsoft Security Response. In this tweet, the company says that 92 percent o...
Over 100,000 WordPress websites exposed to takeovers
Details of severe vulnerabilities in a widely-used WordPress plugin reveal that more than 100,000 websites may have been exposed to site takeovers. The details were revealed by security researcher Chloe Chamberland at Wordfence.
The flaws were found in ‘Responsive Menu,’ a plugin that offers...