Thousands of websites run buggy WordPress plugin that allows complete takeover All versions are susceptible, there's no patch, so now's a good time to remove this add-on | Security | 15 Jul 2022 | 32
Windows Network File System flaw results in arbitrary code execution as SYSTEM Follina was all very exciting, but did you patch CVE-2022-30136? | Security | 15 Jul 2022 | 9
Homeland Security warns: Expect Log4j risks for 'a decade or longer' Great, another thing that's gone endemic | Patches | 14 Jul 2022 | 12
Lenovo issues firmware updates after UEFI vulnerabilities disclosed Déjà vu all over again for laptop maker as researchers poke holes in its code | Security | 14 Jul 2022 | 6
Microsoft's July Patch Tuesday fixes actively exploited bug Patch Tuesday No, Windows Autopatch didn't kill the monthly patchapalooza | Patches | 12 Jul 2022 | 8
Amazon squashes years-old authentication bugs in AWS Kubernetes service Three vulnerabilities in one line of code | Security | 12 Jul 2022 | 1
What to do about inherent security flaws in critical infrastructure? Industrial systems' security got 99 problems and CVEs are one. Or more | Research | 03 Jul 2022 | 46
FabricScape: Microsoft warns of vuln in Service Fabric Not trying to spin this as a Linux security hole, surely? | Devops | 29 Jun 2022 | 12
Halfords suffers a puncture in the customer details department I like driving in my car, hope my data's not gone far | Security | 23 Jun 2022 | 58
Cisco warns of security holes in its security appliances Bugs potentially useful for rogue insiders, admin account hijackers | Patches | 22 Jun 2022 | 11
For a few days earlier this year, rogue GitHub apps could have hijacked countless repos A bit of a near-hit for the software engineering world | Devops | 21 Jun 2022 | 5
How refactoring code in Safari's WebKit resurrected 'zombie' security bug Fixed in 2013, reinstated in 2016, exploited in the wild this year | Research | 21 Jun 2022 | 14
CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure Updated Nearly 60 holes found affecting 'more than 30,000' machines worldwide | Research | 21 Jun 2022 | 23
DeadBolt ransomware takes another shot at QNAP storage Keep boxes updated and protected to avoid a NAS-ty shock | Cyber-crime | 18 Jun 2022 | 16
If you're using older, vulnerable Cisco small biz routers, throw them out Severe security flaw won't be fixed – as patches released this week for other bugs | Networks | 16 Jun 2022 | 27
Azure issues not adequately fixed for months, complain bug hunters Updated Redmond kicks off Patch Tuesday with a months-old flaw fix | Security | 14 Jun 2022 | 6
Symantec: More malware operators moving in to exploit Follina Meanwhile Microsoft still hasn't patched the fatal flaw | Security | 09 Jun 2022 | 11
Now Windows Follina zero-day exploited to infect PCs with Qbot Data-stealing malware also paired with Black Basta ransomware gang | Research | 09 Jun 2022 | 4
To cut off all nearby phones with these Chinese chips, this is the bug to exploit Android patches incoming for NAS-ty memory overwrite flaw | Research | 03 Jun 2022 | 28
Zero-day vuln in Microsoft Office: 'Follina' will work even when macros are disabled Updated Researchers comb through code execution flaw found in malicious document | Security | 30 May 2022 | 25
That critical vulnerability might not be the first you should patch Startup Rezilion suggests enterprises should change prioritization strategies | Security | 30 May 2022 | 5
Talos names eight deadly sins in widely used industrial software Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS) | Patches | 27 May 2022 | 6
In record year for vulnerabilities, Microsoft actually had fewer Occasional gaping hole and overprivileged users still blight the Beast of Redmond | Security | 25 May 2022 | 10
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware Google Project Zero blows lid off bug involving that old chestnut: XML parsing | Patches | 24 May 2022 | 4
US won’t prosecute ‘good faith’ security researchers under CFAA Well, that clears things up? Maybe not | Security | 20 May 2022 | 37
Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware Analysis Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D | Research | 18 May 2022 | 3
Monero-mining botnet targets Windows, Linux web servers Sysrv-K malware infects unpatched tin, Microsoft warns | Cyber-crime | 18 May 2022 | 10
Iran-linked Cobalt Mirage extracts money, info from US orgs – report Khamenei, can you just not? Not right now, fam | Research | 13 May 2022 | 3
Anatomy of a campaign to inject JavaScript into compromised WordPress sites Reverse-engineered code redirects visitors to dodgy corners of the internet | Research | 13 May 2022 | 8
If you've got Intel inside, you probably need to get these security patches inside, too So. Many. BIOS. Bugs | Patches | 12 May 2022 | 9
Colonial Pipeline faces nearly $1m fine one year after ransomware attack In Brief Plus: Unpatched DNS bug puts IoT devices at risk, SolarWinds hackers set up new digs, and a CEO faces hard time for massive mining fraud | Security | 09 May 2022 | 8
F5, Cisco admins: Stop what you're doing and check if you need to install these patches Updated BIG-IP iControl authentication bypass, NFV VM escape, and more | Patches | 06 May 2022 | 6
Microsoft fixes cross-account vulns in Azure Database for PostgreSQL service Presented by the Wiz team that found the Cosmos DB flaw | Databases | 28 Apr 2022 | 2
Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too! Will Redmond start code-naming Windows make-me-admin bugs? | Patches | 27 Apr 2022 | 111
Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one We hope you've patched that 9.8/10 severity bug | Research | 26 Apr 2022 | 5
Homeland Security bug bounty program uncovers 122 holes in its systems Thinking of another word for this US govt department's name | CSO | 25 Apr 2022 | 4
Flaw could have granted criminals control over Ever Surf crypto wallets Check Point uncovers web vulnerability that could have led to cryptocurrency theft | Security | 25 Apr 2022 | 1
Now Mandiant says 2021 was a record year for exploited zero-day security bugs Now that's a race condition | Research | 23 Apr 2022 | 4
Hive ransomware affiliate zeros in on Exchange servers Threat actor exploited known vulnerabilities in the Microsoft software to compromise multiple systems | Cyber-crime | 22 Apr 2022 | 4
ESET uncovers vulnerabilities in Lenovo laptops Updated Firmware updates incoming in response to UEFI threats | Security | 19 Apr 2022 | 18
Google issues third emergency fix for Chrome this year The latest patch is aimed at a type confusion vulnerability that is actively being exploited | Security | 15 Apr 2022 | 17
Apache says Struts 2 security bug wasn't fully fixed in 2020 But this time the patch should do the trick | Patches | 13 Apr 2022 | 3
AWS fixes local file vuln on internal credential access for Relational Database Service Lightspin threat researchers discovered the bug, which AWS fixed | Security | 12 Apr 2022
Critical bug allows attacker to remotely control medical robot CVSS 9.8 flaws are not what you want in a hospital robot | Patches | 12 Apr 2022 | 12
Attackers exploit Spring4Shell flaw to let loose the Mirai botnet Trend Micro says vulnerable systems in Singapore have been compromised | Security | 11 Apr 2022 | 3
Google Play pulls sneaky data-harvesting apps with 46m+ downloads In brief Plus: Fox News learns to use database passwords, Autodesk patches high-severity bugs, and CISA says retire old D-Link routers | Security | 11 Apr 2022 | 13
Fintech platform flaw could have allowed bank transfers, exposed data Fintech provider flaw could have hit dozens of U.S. banks, says Salt Security | Security | 07 Apr 2022 | 9
Patch now: RCE Spring4shell hits Java Spring framework You didn't have any plans for the weekend anyway, did you? | Security | 31 Mar 2022 | 8
Zlib crash-an-app bug finally squashed, 17 years later Patch actually released this time | Security | 30 Mar 2022 | 23
Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT SQL injection, race condition, bad cryptographic check pave way for infrastructure network takeovers | Security | 30 Mar 2022 | 4
Sophos fixes critical hijack flaw in firewall offering Authentication bypass followed by remote-code execution at the network boundary | Security | 28 Mar 2022
Google Chrome, Microsoft Edge patched in race against exploitation Another bug squashed in JavaScript engine | Security | 28 Mar 2022 | 5
F-Secure spins out new enterprise security business: WithSecure CEO tells The Reg of new branding ahead of Finnish vendor's corporate split | Security | 24 Mar 2022 | 5
VMware fixes command injection, file upload flaws in Carbon Black security tool Miscreants can exploit these to make a bad situation much worse | Security | 23 Mar 2022
Biden says Russia exploring revenge cyberattacks Several hundred US orgs given classified briefings as critical infrastructure felt to be at risk | Security | 22 Mar 2022 | 68
Western Digital tells EdgeRover users to patch app again Critical vulnerability may have allowed an attacker to escalate local privileges | Security | 21 Mar 2022 | 3
Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln Patch flaws and enforce authentication policies, CISA and FBI warn | Security | 16 Mar 2022 | 3
Kubernetes container runtime CRI-O has make-me-root flaw Cr8escape priv-escalation bug opens the door to cluster takeovers | Devops | 15 Mar 2022 | 1
Singapore uncovers four critical vulnerabilities in Riverbed software Details emerge of the now-patched flaws | Security | 11 Mar 2022 | 1
Millions of APC Smart-UPS devices vulnerable to TLStorm Critical vulns spotted in popular Schneider kit | Security | 09 Mar 2022 | 34
US govt: Here are another 15 security bugs under attack right now Best plug HiveNightmare if you haven't already, unless you like new admins | Security | 11 Feb 2022 | 10