Archive for the ‘Security patching’ Category

How to hack an unpatched Exchange server with rogue PowerShell code

ust under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger the second bug, which […]

Leave a Comment

Move over Patch Tuesday – it’s Ada Lovelace Day!

The second Tuesday of every month is Microsoft’s regular day for security updates, still known by almost everyone by its unofficial nickname of “Patch Tuesday”. But the second Tuesday in October is also Ada Lovelace Day, celebrating Ada, Countess of Lovelace. Ada was a true pioneer not only of computing, but also of computer science, and gave […]

Leave a Comment

Critical Samba bug could let anyone become Domain Admin – patch now!

Leave a Comment

Apple security updates are out – and not a Log4Shell mention in sight

Amongst all the brouhaha about Log4Shell, it’s easy to forget all the other updates that surround us. Not only is it Patch Tuesday (keep your eye on our sister site news.sophos.com for the latest on that score later in the day)… …but it’s also time to check your Apple devices, because Apple just pushed out a slew of […]

Leave a Comment

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs. An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that […]

Leave a Comment

April 2021 Patch Tuesday forecast: Security best practices

Those of us in the security industry saw the need to identify and share incident and vulnerability information, but unfortunately ‘security through obscurity’ was often the approach taken – operations over protection. Fast forward to today, and whether you agree or disagree with the state of software security, we at least have the forums and […]

Leave a Comment

Patch now to stop hackers blindly crashing your Windows computers

There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code execution is where otherwise innocent-looking data that’s sent in from outside your network can trigger a bug and take over your computer. Bugs that make it possible for booby-trapped chunks […]

Leave a Comment

Google Says Upgrade To Windows 10 After Critical Flaws Found In Chrome And Windows 7

Hot on the heels of disclosing a critical zero-day vulnerability in Chrome that was being exploited in the wild by attackers, Google has now uncovered another critical zero-day that is being used alongside it to take over Windows machines. Source: Google Says Upgrade To Windows 10 After Critical Flaws Found In Chrome And Windows 7

Leave a Comment

Did you hear the one about Cisco routers using strcpy insecurely for login authentication? Makes you go AAAAA-AAAAAAArrg *segfault*

RV110W, RV130W, RV215W need patching to close remote hijacking bug Source: Did you hear the one about Cisco routers using strcpy insecurely for login authentication? Makes you go AAAAA-AAAAAAArrg *segfault* Enter your email address: Delivered by FeedBurner

Leave a Comment

Windows 7 and Server 2008 Updates to Require SHA-2 Support Starting July

Microsoft announced on its support website that future Windows 7 and Windows Server 2008 updates will require SHA-2 code signing support to be installed starting with July 16, 2019. Source: Windows 7 and Server 2008 Updates to Require SHA-2 Support Starting July

Leave a Comment

Businesses can safely delay patching most vulnerabilities

Patching vulnerabilities is often seen as a key element of keeping systems secure. But a new report suggests businesses could be ‘smarter’ in their patching regimes and prioritize the i… Source: Businesses can safely delay patching most vulnerabilities 🔒 securing the business 🔒 DISC InfoSec  

Leave a Comment