Time to Patch – Page 6 – Computer Security Articles

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

February 2, 2022 admin cve-2021-22947, cve-2021-36976, cve-2022-21846, cve-2022-21907, dustin childs, Exchange Server, http protocol stack, Latest Warnings, microsoft patch tuesday january 2022, national security agency, Rapid7, Satnam Narang, Tenable, The Coming Storm, Time to Patch, Trend Micro, Zero Day Initiative

Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Independent Krebs

Microsoft Patch Tuesday, March 2020 Edition

March 17, 2020 admin animesh jain, application inspector, cve-2020-0688, cve-2020-0852, cve-2020-0872, Qualys, Recorded Future, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 10 Mar 2020 23:44:29 +0000

Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup your system(s), and patch your PCs.

Independent Krebs

Zyxel 0day Affects its Firewall Products, Too

February 26, 2020 admin 0day, alex holden, Latest Warnings, Time to Patch, Zero-Day, zyxel

Credit to Author: BrianKrebs| Date: Wed, 26 Feb 2020 14:43:31 +0000

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

Independent Krebs

Zyxel Fixes 0day in Network Storage Devices

February 24, 2020 admin 0day, 500mhz, alex holden, cert coordination center, cert-cc, cve-2020-9054, DHS, emotet, Hold Security, Latest Warnings, ransomware, The Coming Storm, Time to Patch, Zero-Day, zyxel communications corp.

Credit to Author: BrianKrebs| Date: Mon, 24 Feb 2020 17:13:11 +0000

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.

Independent Krebs

Microsoft Patch Tuesday, February 2020 Edition

February 11, 2020 admin alan liska, cve-2019-1280, cve-2020-0618, cve-2020-0674, cve-2020-0688, Jimmy Graham, microsoft patch tuesday february 2020, Qualys, Recorded Future, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 11 Feb 2020 23:13:57 +0000

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.

Independent Krebs

Apple Addresses iPhone 11 Location Privacy Concern

January 22, 2020 admin A Little Sunshine, apple, brandon butch, iphone 11, Time to Patch, ultra wideband

Credit to Author: BrianKrebs| Date: Wed, 22 Jan 2020 23:14:48 +0000

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month.

Independent Krebs

Patch Tuesday, January 2020 Edition

January 14, 2020 admin cve-2020-0601, johns hopkins university, Kenneth White, matthew green, MongoDB, Qualys, Time to Patch, Windows 10

Credit to Author: BrianKrebs| Date: Wed, 15 Jan 2020 02:31:50 +0000

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.

Independent Krebs

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

January 13, 2020 admin anne neuberger, cert coordination center, cert-cc, crypt32.dll, microsoft, microsoft cryptoapi, national security agency, NSA, patch tuesday january 2020, Time to Patch, will dormann, windows

Credit to Author: BrianKrebs| Date: Mon, 13 Jan 2020 22:17:47 +0000

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.