Patch Management

Microsoft changes encryption, another D-Link bug, phishing dangers, and more

Roundup Plus, Baltimore's disastrous ransomware infection and worse IT practices

Security30 Sep 2019 | 14

Got a pre-A12 iPhone? Love jailbreaks? Happy Friday! 'Unpatchable tethered Boot ROM exploit' released

Coder claims iThings older than two years can be unlocked from Apple's clutches

OSes27 Sep 2019 | 40

Hot patches for ColdFusion: Adobe drops trio of fixes for three serious flaws

While you're at it, fix Java too

Security25 Sep 2019 | 4

This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums

Updated Hackers can inject system commands via version 5 of software, no patch available

Security24 Sep 2019 | 8

If you're using Harbor as your container registry, bear in mind it can be hijacked with has_admin_role = True

Video Patch now before miscreants sail off with your apps, data

Security19 Sep 2019 | 2

That Telegram feature that let you delete your private messages on recipients' phones? It didn't work properly

VIdeo Infosec bod bags reward for spotting image privacy bug

Security09 Sep 2019 | 18

Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server

Install incoming update to avoid having your boxes hijacked

OSes06 Sep 2019 | 13

Too bad, so sad, exploit devs: Google patches possibly several million dollars' worth of security flaws in Android

Except one – a 'your phone is now my phone' bug reported months ago and still not fixed

Security05 Sep 2019 | 5

Fancy buying a compact and bijou cardboard box home in a San Francisco alley? This $2.5m Android bounty will get you nearly there

Bug seller Zerodium boosts payouts for 'droid, slashes iOS prices in half

Security04 Sep 2019 | 7

Enjoy the holiday weekend, America? Well-rested? Good. Supermicro server boards can be remotely hijacked

Virtual USB hub allows attackers to get into BMCs

Security03 Sep 2019 | 52

JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters

Roundup Plus a Cisco bug, dentists bitten by malware, and France takes down a worm

Security31 Aug 2019 | 14

Google takes a little more responsibility for its Android world, will cough up bounties for mega-popular app bugs

Payouts extended to anything with more than 100m installs

Security29 Aug 2019 | 6

Can't bear to part with that well-worn copy of Windows 7? Microsoft might let you keep it updated an extra year

EA and ESA subscribers can get 12 free months of updates

OSes27 Aug 2019 | 133

Steam cleaned of zero-day security holes after Valve turned off by bug bounty snub outrage

Security bod may be invited back into vuln reward program, Half-Life 3 still ain't happening

Security22 Aug 2019 | 11

Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty

EoP bug now free for the world to see after bounty was rejected

Security22 Aug 2019 | 100

The Joy of Six... critical security patches: Cisco small biz switches open to hijacking via web UI

Plus UCS and other gear need updates

Security22 Aug 2019 | 3

Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC

Keep your media player, like other apps, up to date: 13 security flaws fixed

Security21 Aug 2019 | 15

Kaspersky and Trend Micro get patch bonanza after ID flaw and password manager holes spotted

Quis custodiet ipsos custodes?

Software15 Aug 2019 | 2

Intel: Listen up, you NUC-leheads! Mini PCs and compute sticks just got a major security fix

Chipzilla patches firmware, drivers, SDKs

Security14 Aug 2019 | 4

Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher

Exclusive Crooks fail to hijack infosec bloke's site to dress it up as a legit Euro bank login page

Security29 Jul 2019 | 62

Dodgy vids can hijack PCs via VLC security flaw, US, Germany warn. Software's makers not app-y with that claim

Updated 'Fake news!' dev team cries

Security23 Jul 2019 | 21

Huawei website ████ ██████ security flaws ██████ customer info and biz operations at risk: ███████ patched

Is this the Chinese giant's Winnie the Pooh moment?

Security09 Jul 2019 | 38

Cisco delivers Patch Tuesday warmup with bundle of 18 bug fixes

Unified Comms, Jabber among targets for clean-up

Security05 Jul 2019 | 4

July is here – and so are the latest Android security fixes. Plenty of critical updates for all

Patch, punch, it's the first of the month

Security01 Jul 2019 | 29

Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool

Updated Can't spell SupportAssist without 'ass' and 'u' – other makers may be hit, too

Security20 Jun 2019 | 15

Digi-dosh exchange Coinbase: Someone tried to pwn our staff via this week's Firefox zero-day security hole

Patch released after crypto-currency biz sounded alarm

Security20 Jun 2019 | 5

This is grim, Vim and Neovim: Opening this crafty file in your editor may pwn your box. Patch now if not already

Welcome to Vim Sh*tty 2000

OSes12 Jun 2019 | 60

It's that time again: Android kicks off June's patch parade with fixes for five hijack holes

Updates are on the way… if you have a Google device, at least

Security05 Jun 2019 | 17

Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes

Your repo's dependencies need updating to close a hole? We're way ahead of you, pal

Security30 May 2019 | 8

Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable

If you haven't patched CVE-2019-0708 aka BlueKeep, then, well, now would be a good time

OSes28 May 2019 | 51

Oracle splats 300 vulns in MySQL, Database, Fusion, etc, pours fresh brew of Java SE terms

Multiple pre-auth remote code exec holes need pasting over, enterprise IT giant warns

Databases16 Apr 2019 | 22

Juniper slips out update after hardcoded credentials left in switches

Telemetry Interface blamed for exposed gRPC passwords

Security11 Apr 2019 | 8

As you wrap up this month's patch installs, don't forget these Intel fixes

Chipzilla kicks out firmware patches plus a side channel Spoiler alert

Security11 Apr 2019 | 6

A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole

Rogue 'worker' processes can sneak in with elevated privileges at startup

Security03 Apr 2019 | 10

Don't be an April Fool: Update your Android mobes, gizmos to – hopefully – pick up critical security fixes

Meanwhile, another Edge, IE zero-day emitted online

Security02 Apr 2019 | 31

Cisco emits 25 security bug fixes for IOS, takes second crack at patching WAN router SNAFUs

Updated Oh no, these patches kinda blow, go go Switchzilla!

Networks27 Mar 2019 | 2

Thought you were done patching this week? Not if you're using an Intel-powered PC or server

Here comes Chipzilla with a big bunch of security fixes for graphics drivers, server and workstation firmware, and more

Security14 Mar 2019 | 14

Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal

Now Homeland Security committee sticks the boot in

Security08 Mar 2019 | 60

No RESTful the wicked: If your website runs Drupal, you need to check for security updates – unless you enjoy being hacked

PUT, PATCH, POST, PWNED!

Security20 Feb 2019 | 4

At least Sony offered a t-shirt, says macOS flaw finder: Bug bounties now for Macs if you want this 0-day, Apple

Vid Cupertino's tight-wads called out by fella who found password, private key leak

OSes07 Feb 2019 | 41

I won't bother hunting and reporting more Sony zero-days, because all I'd get is a lousy t-shirt

Analysis It's 2019. Should billion-dollar corps do better than offer swag for vulns?

Security05 Feb 2019 | 61

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

And you'll definitely want to check out the libssh flaw

Databases16 Oct 2018 | 13

Hunt for Red Bugtober: US military's weapon systems riddled with security holes – auditors

Death from a-bug. Dr Strange-bug. Top Bug. We could do this all day...

Security15 Oct 2018 | 18

WebSphere and loathing in New York: IBM yanks buggy application server security fix from admins

Patched server, or working server. Pick one...

Security11 Oct 2018 | 7

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

Versions in use by millions lag behind latest OS, leaving systems vulnerable to attack

Security06 Oct 2017 | 229

Feelin' safe and snug on Linux while the Windows world burns? Stop that

I shoulda patched what now?

OSes06 Jul 2017 | 123

Enterprise patching... is patchy, survey finds

How difficult can it possibly be? Very, apparently

Security05 Jun 2017 | 26

Microsoft patched more Malware Protection Engine bugs last week

Redmond's out-of-band advisory landed after the bugs were fixed

Security29 May 2017 | 15

Ransomware hits Australian hospitals after botched patch

WannaCry? Minister says data is safe, so save your tears for now

Security25 May 2017 | 13

Wannacry: Everything you still need to know because there were so many unanswered Qs

Vid How it first spread, Win XP wasn't actually hit, and more

Security20 May 2017 | 111

Do we need Windows patch legislation?

Poll Should vendors be obliged to maintain ageing, unsafe PCs?

Security16 May 2017 | 257

Why Microsoft's Windows game plan makes us WannaCry

Analysis Oh, 'collective responsibility' – that old chestnut

Security16 May 2017 | 186

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

Exclusive And it took three months to release despite Eternalblue leak

Security16 May 2017 | 154

It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book

Seven Apple updates, because it's not like you had anything else to patch today

OSes16 May 2017 | 33

Ransomware scum have already unleashed kill-switch-free WannaCry‬pt‪ variant

Researchers warn over new Uiwix strain

Security15 May 2017 | 128

Microsoft to spooks: WannaCrypt was inevitable, quit hoarding

Monday wrap: “kill switch” holding for now; new versions emerging; patch what you can

Security14 May 2017 | 176