Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway
Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit
Patches01 Jun 2023 | 10
Patches
Barracuda Email Security Gateways bitten by data thieves
Act now: Sea-themed backdoor malware injected via .tar-based hole
Patches31 May 2023 | 8
Cisco squashes critical bugs in small biz switches
You'll want to patch these as proof-of-concept exploit code is out there already
Patches18 May 2023 |
Intel says Friday's mystery 'security update' microcode isn't really a security update
We're all for encouraging people to squash bugs but this is an odd way to do it
Patches15 May 2023 | 7
Why Microsoft just patched a patch that squashed an under-attack Outlook bug
Let's take a quick dive into Windows API
Patches12 May 2023 | 45
Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix
Patch Tuesday On the plus side, this month's update batch is a bit smaller than usual
Patches09 May 2023 | 20
WordPress plugin hole puts '2 million websites' at risk
XSS marks the spot
Patches08 May 2023 | 17
Apple pushes first-ever 'rapid' patch – and rapidly screws up
Maybe you're just installing it wrong?
Patches02 May 2023 | 43
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs
Patches02 May 2023 | 1
Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention
Two out of three public-facing app instances open to hijacking
Patches25 Apr 2023 | 18
Military helicopter crash blamed on failure to apply software patch
A rather nice beach in Australia now briefly hosted an unusual feature
Patches18 Apr 2023 | 49
April Patch Tuesday: Ransomware gangs already exploiting this Windows bug
Plus Google, SAP, Adobe and Cisco emit fixes
Patches11 Apr 2023 | 9
Apple squashes iOS, macOS zero-day bugs already exploited by snoops
Keep calm and install patches before abuse becomes widespread
Patches10 Apr 2023 | 1
Apple patches all the iThings, including iOS 15 hole under attack right now
Issue identified in February but owners of older kit weren't warned
Patches28 Mar 2023 | 11
Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs
Four flaws open mobiles, cars to remote-control at baseband level with just a phone number
Patches17 Mar 2023 | 40
Microsoft: Patch this severe Outlook bug that Russian miscreants exploited
Patch Tuesday Plus: Fixes for SAP, Adobe. Android, Chrome
Patches14 Mar 2023 | 38
Microsoft squashes Windows bug exploited to inflict ransomware misery
Not-so-smart SmartScreen flagged up by Googlers
Patches14 Mar 2023 | 5
Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva flaw
Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution
Patches17 Feb 2023 | 8
VMware, Windows 11 shafted by Windows Server 2022
Updated OS won't start on some systems with ESXi VMs, while Win11 updates may not make it to devices
Patches16 Feb 2023 | 18
Intel patches up SGX best it can after another load of security holes found
Plus bugs squashed in Server Platform Services and more
Patches15 Feb 2023 | 4
Popular
British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack
Microsoft blames Russian Clop ransomware crew for theft of staff info
Microsoft battles through two 365 outages in one day
Updated Windows titan blames technical problems while hacktivists claim it woz them wot did it
Metaverse? Apple thinks $3,500 AR ski goggles are the betterverse
WWDC iGiant's turn to roll the dice on VR next year after Facebook, Microsoft, Google blow billions on the unloved tech
Healthcare org with over 100 clinics uses OpenAI's GPT-4 to write medical records
The doctor, and their steno-bot, will see you now. Then see another patient quickly because they don't have to stop and scrawl notes
Crypto catastrophe strikes some Atomic Wallet users, over $35M thought stolen
Victims nursing huge losses haven't the foggiest how heist happened, yet
The challenges Intel faces to compete with TSMC, Samsung
Analysis Fabs still need to be built, process tech needs to be proven – and Pat's gotta make it price competitive
Oh Snap... Desktop Ubuntu Core to arrive in 2024
Changes are happening in Fedora and openSUSE immutable distros, too
Apple WWDC: M2 Ultra chip lands in 'cheese grater' Mac Pro to displace Cupertino's last Intel holdout
Workstations boosted, MacBook Air embiggened, iOS embraces web apps, and all the rest of Cupertino's new stuff
Malwarebytes may not be allowed to label rival's app as 'potentially unwanted'
Legal prof warns: 'This case is like a wrecking ball for internet law'
Microsoft Windows edges closer to SMB security signing fully required by default
'This is certainly the biggest change we've made since the campaign to remove SMB1'
STORIES
Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack
Gone in 60 seconds using a USB-A plug and brute force instead of a key
Patches15 Feb 2023 | 55
Apple splats zero-day bug, other gremlins in macOS, iOS
WebKit flaw 'may have been exploited' – just like Tim Cook 'may have' made a million bucks this week
Patches15 Feb 2023 | 7
Microsoft sweeps up after breaking .NET with December security updates
XPS doc display issues fixed – until the next patch, at least
Patches01 Feb 2023 | 3
Microsoft to enterprises: Patch your Exchange servers
If you want to keep the miscreants out, put the updates in, Redmond says
Patches28 Jan 2023 | 14
Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws
You know the drill: patch before criminals use these bugs in vRealize to sniff your systems
Patches25 Jan 2023 |
Russians say they can grab software from Intel again
And Windows updates from Microsoft, too
Patches14 Jan 2023 | 52
Microsoft fixes Windows database connections it broke in November
January Patch Tuesday update resolves issue caused by Patch Tuesday update late in '22
Patches11 Jan 2023 | 3
First Patch Tuesday of the year explodes with in-the-wild exploit fix
Patch Tuesday Plus: Intel, Adobe, SAP and Android bugs
Patches11 Jan 2023 | 20
Microsoft fixes Hyper-V VM problem caused by Patch Tuesday
The emergency OOB release should solve those frustrating failures
Patches21 Dec 2022 | 2
Patch Tuesday update is causing some Windows 10 systems to blue screen
Microsoft issues a workaround for problem while it works on a fix
Patches20 Dec 2022 | 51
Patch Tuesday updates spark errors when creating Hyper-V VMs
Something's broken, mom! Microsoft offers workaround while trying to think up a fix
Patches14 Dec 2022 | 10
Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
Patch Tuesday Plus there's a PoC for this unpatched Cisco bug
Patches14 Dec 2022 | 11
Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover
Take a break from the gaming and fix these now
Patches01 Dec 2022 | 5
Windows Server domain controllers may stop, restart after recent updates
Microsoft outlines a workaround while pulling together a fix to LSASS memory leak
Patches28 Nov 2022 | 20
Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers
Emergency out-of-band updates to the rescue
Patches21 Nov 2022 | 36
VMware warns of three critical holes in remote-control tool
Anyone can pretend to be your Windows IT support and take command of staff devices
Patches09 Nov 2022 |
Microsoft squashes six security bugs already exploited in the wild
Patch Tuesday Plus: Fixes from Intel, AMD, Citrix and more
Patches09 Nov 2022 | 5
OpenSSL downgrades horror bug after week of panic, hype
Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited
Patches01 Nov 2022 | 3
Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware
Broken code signature? LGTM, says Microsoft OS
Patches01 Nov 2022 | 17
Cisco AnyConnect Windows client under active attack
Make sure you're patched – and update VMware Cloud Foundation, too, by the way
Patches26 Oct 2022 | 7
Microsoft realizes it hasn't updated list of banned dodgy Windows 10 drivers in years
Hope no one was relying on that to block threats, er, yeah?
Patches26 Oct 2022 | 13
CISA warns of security holes in industrial Advantech, Hitachi kit
When we concede that everything has bugs, we wish it wasn't quite everything
Patches20 Oct 2022 | 2
It’s Patch Tuesday and still no fix for ProxyNotShell Microsoft Exchange holes
Patch Tuesday And for bonus points, there's a Windows flaw under active exploit
Patches11 Oct 2022 | 21
Fortinet warns of critical flaw in its security appliance OSes, admin panels
Naturally, they're already under attack – so you know what to do next
Patches11 Oct 2022 | 15
Make your neighbor think their house is haunted by blinking their Ikea smart bulbs
Radio comms vulnerabilities detailed
Patches08 Oct 2022 | 54
Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree
Some days, security just feels like a total illusion. OK, most days...
Patches04 Oct 2022 | 7
Sophos fixes critical firewall hole exploited by miscreants
Code-injection bug in your network security... mmm, yum yum
Patches28 Sep 2022 | 9
Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects
Oh cool, a 5,500-day security hole
Patches22 Sep 2022 | 53
WordPress-powered sites backdoored after FishPig suffers supply chain attack
And two other security snafus in this web publishing world
Patches15 Sep 2022 | 18
Microsoft fixes Windows security hole likely widely exploited by miscreants
Patch Tuesday Plus: Nasty no-auth RCE in TCP/IP stack, Adobe flaws, and many more updates
Patches13 Sep 2022 | 14
Google urges open source community to fuzz test code
We'll even get our checkbook out, web giant says
Patches08 Sep 2022 | 10
Go programming language arrives at security warnings that are useful
Low-noise tool hopes to highlight vulnerabilities imported into projects
Patches06 Sep 2022 | 6
Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
Grab and deploy this backend update if you offer even repo read access
Patches29 Aug 2022 | 6
80,000 internet-connected cameras still vulnerable after critical patch offered
Just more IoT conscripts for the botnet armies
Patches24 Aug 2022 | 15
If you haven't patched Zimbra holes by now, assume you're toast
Here's how to detect an intrusion via vulnerable email systems
Patches23 Aug 2022 |
Google, Apple squash exploitable browser bugs
Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation
Patches17 Aug 2022 | 8
Warning! Critical flaws found in US Emergency Alert System
DEF CON may be about to blow lid off security hole
Patches05 Aug 2022 | 14
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
Meanwhile, a security update for rsync
Patches03 Aug 2022 | 1
Atlassian reveals critical flaws in almost everything it makes and touches
Fixes issued, warns it 'has not exhaustively enumerated all potential consequences'
Patches21 Jul 2022 | 13
CISA pulls the fire alarm on Juniper Networks bugs
Hate to ruin your Friday
Patches15 Jul 2022 | 3
Homeland Security warns: Expect Log4j risks for 'a decade or longer'
Great, another thing that's gone endemic
Patches14 Jul 2022 | 12
X.org servers update closes 2 security holes, adds neat component tweaks
Arbitrary code execution flaws in the X Keyboard Extension were bad news
Patches13 Jul 2022 | 7
Microsoft's July Patch Tuesday fixes actively exploited bug
Patch Tuesday No, Windows Autopatch didn't kill the monthly patchapalooza
Patches12 Jul 2022 | 8
Take the day off: Windows Autopatch is live and can even fix cloudy PCs
But first, there's a whole lot of AD and Intune prep to be done
Patches12 Jul 2022 | 13
Google updates Chrome to squash actively exploited WebRTC Zero Day
How sad – this looks like a fine excuse to avoid video conferences for a while
Patches05 Jul 2022 | 11
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
Updated Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution
Patches27 Jun 2022 | 10
Cisco warns of security holes in its security appliances
Bugs potentially useful for rogue insiders, admin account hijackers
Patches22 Jun 2022 | 11
Microsoft fixes under-attack Windows zero-day Follina
Patch Tuesday Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs
Patches15 Jun 2022 | 4
Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence
Updated One option: Take the thing offline until Friday patch applied
Patches03 Jun 2022 | 20
CIOs largely believe their software supply chain is vulnerable
Internal bureaucracy and barriers hold up roll out of defenses, report finds
Patches31 May 2022 | 3
Ransomware attack sends US county back to 1977
In brief Also: Uni details its malware-catching AI, signs of China poking the Russian cyber-bear, and more
Patches29 May 2022 | 8
Talos names eight deadly sins in widely used industrial software
Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS)
Patches27 May 2022 | 6
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
Google Project Zero blows lid off bug involving that old chestnut: XML parsing
Patches24 May 2022 | 4
Screencastify fixes bug that would have let rogue websites spy on webcams
Updated School-friendly Chrome extension still not fully protected, privacy guru warns
Patches24 May 2022 | 3
If you've got Intel inside, you probably need to get these security patches inside, too
So. Many. BIOS. Bugs
Patches12 May 2022 | 9
Microsoft closes Windows LSA hole under active attack
Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy
Patches11 May 2022 | 8
F5, Cisco admins: Stop what you're doing and check if you need to install these patches
Updated BIG-IP iControl authentication bypass, NFV VM escape, and more
Patches06 May 2022 | 6
Critical vulnerabilities found in 'millions of Aruba and Avaya switches'
Airports, hospitals, hotels, and more need to deploy patches for hijack bugs
Patches03 May 2022 | 31
Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!
Will Redmond start code-naming Windows make-me-admin bugs?
Patches27 Apr 2022 | 111
AWS's Log4j patches blew holes in its own security
Remote code exec is so 2014. Have this container escape and privilege escalation, instead
Patches20 Apr 2022 | 10
Apache says Struts 2 security bug wasn't fully fixed in 2020
But this time the patch should do the trick
Patches13 Apr 2022 | 3
Git for Windows issues update to fix running-someone-else’s-code vuln
Running a multi-user Windows environment and Git? Time to patch
Patches13 Apr 2022 | 2
Microsoft's huge Patch Tuesday includes fix for bug under attack
April bundle addresses 100-plus vulnerabilities including 10 critical RCEs
Patches13 Apr 2022 | 15
Critical bug allows attacker to remotely control medical robot
CVSS 9.8 flaws are not what you want in a hospital robot
Patches12 Apr 2022 | 12
Biting the hand that feeds IT
