Microsoft closes multiple zero-days in Patch Tuesday
Microsoft has released its monthly series of security updates for its software. During this round of patches, more than one hundred vulnerabilities will be closed, five of which are labelled as zero-days.
Bleeping Computer has posted an overview of all the vulnerabilities on its website. Five of...
New vulnerabilities potentially expose millions of IoT devices
Millions of IoT (Internet of Things) devices have security vulnerabilities that could allow cybercriminals to knock devices offline or control them remotely. This in turn opens the door to wider access to bigger networks.
Nine major vulnerabilities are affecting four TCP...
SAP: attackers only need 72 hours to turn patch into exploit
SAP warns its users to be quick about installing security patches. The company claims that attackers are able to reverse-engineer the patches at lightning speed, with the result that unpatched systems are extra vulnerable.
This is the conclusion of a report drawn up by SAP together with security...
FBI: Fortinet FortiOS vulnerabilities are actively exploited
US agencies warn that advanced persistent threat groups are exploiting Fortinet FortiOS vulnerabilities to compromise government and commercial organizations that use it. Last week, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) warned in a PDF that cybercriminals are scanni...
German government agencies compromised by Exchange vulnerabilities
The state security authorities say 4 in 6 breaches represented a "possible compromise".
The recent wave of hacker attacks on Microsoft Exchange systems has now affected six German federal agencies, according to the German government's Office for Information Security, which goes by the German acr...
Over 100,000 WordPress websites exposed to takeovers
Details of severe vulnerabilities in a widely-used WordPress plugin reveal that more than 100,000 websites may have been exposed to site takeovers. The details were revealed by security researcher Chloe Chamberland at Wordfence.
The flaws were found in ‘Responsive Menu,’ a plugin that offers...
Apple patches actively exploited vulnerabilities in iOS 14.4 update
Apple has released the latest version of iOS and iPadOS. Version 14.4 brings some minor improvements and patches a number of security holes that may have already been actively exploited.
The remedied security holes are described on an Apple support page. Two vulnerabilities are in the WebKit eng...
‘Most software in government and education contains vulnerabilities’
Research shows that many government and educational institutions use applications in which vulnerabilities are known. Nevertheless, the institutions are doing enough to protect against the vulnerabilities.
This is the conclusion drawn by application testing company Veracode from its own research...
GitHub: open source security vulnerabilities take years to detect
Research also shows that once detected, bugs are fixed quickly.
GitHub this week released its 2020 State of the Octoverse report. In it, they highlighted the increased importance of open source tools and their growing role in software development.
The organisation spent 2020 following over 56 ...
Drupal sites are vulnerable to a hacking trick popular in the 90s
The team that makes the Drupal CMS (Content Management System) has released security updates to fix a critical vulnerability, giving attackers full control over Drupal sites. Drupal is the fourth most-used CMS on the internet, trailing WordPress, Shopify, and Joomla.
The vulnerability was rated ...
Google provides patches for two Chrome Zero-Days under active exploit
Google has patched two zero-day vulnerabilities in the Chrome browser. This is the third time in two weeks that the company has had to fix a Chrome flaw under active exploit. A tweet on Monday from Ben Hawkes, the head of Google’s Project Zero’s vulnerability and exploit research section, confi...
One of the severe Windows bugs this year is being actively exploited
Windows had one of the worst vulnerabilities patched this year, but those who did not update are at risk of exploitation by malicious hackers. Microsoft warned those lagging to update now.
CVE-2020-1472 is the name given to the vulnerability. It allows hackers to access the Active Directory. Th...