Tag: update
-
Palo Alto Networks customers grapple with another actively exploited zero-day
by
in SecurityNewsThe security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE;entry and patch came 10 days later. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/palo-alto-networks-pan-os-firewall-zero-day/733336/
-
Apple Security Update: Addressing Critical Vulnerabilities in Apple Software
by
in SecurityNewsApple recently rolled out a security update that addresses critical vulnerabilities in multiple Apple devices. Released on November 19, the Apple security update impacts various platforms, including iOS, iPadOS, macOS, visionOS, and Safari, and is aimed at protecting users from increasingly sophisticated cyber threats. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apple-security-update-nov-2024/
-
Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0
by
in SecurityNewsOracle Linux offers a secure, streamlined platform for deploying and managing applications across on-premises, cloud, and edge environments. Designed for demanding workloads, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/oracle-linux-9-update-5/
-
Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities
by
in SecurityNewsApple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-security-update/
-
Apple addressed two actively exploited zero-day vulnerabilities
by
in SecurityNewsApple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue…
-
Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
by
in SecurityNewsApple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that >>may have been actively … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/cve-2024-44309-cve-2024-44308/
-
HashiCorp Vault scalability updates target big enterprises
by
in SecurityNewsHashiCorp Vault 1.18 updates make it more suited to large companies, which the vendor is courting with a lighter cloud migration push than with Terraf… First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366614052/HashiCorp-Vault-scalability-updates-target-big-enterprises
-
Trend Micro Deep Security Vulnerable to Command Injection Attacks
by
in SecurityNewsTrend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent. This vulnerability, identified as a manual scan command injection flaw, allows attackers to execute arbitrary code on affected machines, potentially leading to privilege escalation across the domain. This vulnerability affects the manual…
-
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
by
in SecurityNewsApple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.The flaws are listed below -CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web contentCVE-2024-44309 – A cookie management…
-
Apple says Mac users targeted in zero-day cyberattacks
by
in SecurityNewsApple said the security update for Macs, iPhones, and iPads is “recommended for all users.” First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/19/apple-says-mac-users-targeted-in-zero-day-cyberattacks/
-
Apple fixes two zero-days used in attacks on Intel-based Macs
by
in SecurityNewsApple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/
-
Apple Confirms Zero-Day Attacks Hitting macOS Systems
by
in SecurityNewsApple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. The post Apple Confirms Zero-Day Attacks Hitting macOS Systems appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/
-
MSSP Market Update: CISA Director Expected to Depart
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-cisa-director-expected-to-depart
-
Apple Confirms Zero-Day Attacks Hitting Intel-based Macs
by
in SecurityNewsApple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. The post Apple Confirms Zero-Day Attacks Hitting Intel-based Macs appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/
-
Microsoft plans to boot security vendors out of the Windows kernel
by
in SecurityNewsMicrosoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/windows-kernel-security-vendors/
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
by
in SecurityNewsIntroductionDiscovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
New Windows 11 recovery tool to let admins remotely fix unbootable devices
by
in SecurityNewsMicrosoft is working on a new Windows “Quick Machine Recovery” feature that will allow IT administrators to use Windows Update “targeted fixes” to remotely fix systems rendered unbootable. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-quick-machine-recovery-lets-admins-remotely-fix-unbootable-devices/
-
Palo Alto Networks Patches Critical Firewall Vulnerability
by
in SecurityNewsPalo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/palo-alto-patches-critical/
-
Microsoft beefs up Windows security with new recovery and patching features
by
in SecurityNewsIn the aftermath of the devastating CrowdStrike outage this July, Microsoft vowed to do better even though it insisted that the event was an aberration. Evidently unwilling to take chances (or risk further hits to its credibility), the company on Tuesday, during Microsoft Ignite 2024, shared how it’s making changes to Windows to prevent similar…
-
Windows 11: Security-Updates für das sicherste Betriebssystem der Welt
by
in SecurityNewsInfolge des CrowdStrike-Debakels baut Microsoft die Sicherheitsfunktionen von Windows deutlich aus. Auch Drittentwickler werden streng an die Leine genommen. First seen on heise.de Jump to article: www.heise.de/news/Windows-11-Security-Updates-fuer-das-sicherste-Betriebssystem-der-Welt-10057468.html
-
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)
by
in SecurityNewsOracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/cve-2024-21287/
-
AlmaLinux 9.5 released: Security updates, new packages, and more!
by
in SecurityNewsAlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/almalinux-9-5-teal-serval-released/
-
Microsoft SharePoint RCE flaw exploits in the wild you’ve had 3 months to patch
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/10/23/microsoft_sharepoint_rce_exploited/
-
PAN-OS Firewall Vulnerability Under Active Exploitation IoCs and Patch Released
by
in SecurityNewsPalo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild.To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface…
-
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
by
in SecurityNewsIf you didn’t fix this a month ago, your to-do list probably needs a reshuffle First seen on theregister.com Jump to article: www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/
-
Palo Alto Networks patches two firewall zero-days used in attacks
by
in SecurityNewsPalo Alto Networks has finally released security updates for an actively exploited zero-day vulnerability in its Next-Generation Firewalls (NGFW). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-patches-two-firewall-zero-days-used-in-attacks/
-
MSSP Market Update: MSSP 250 Research the State of the Market 2024
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-mssp-250-research-the-state-of-the-mssp-market-2024
-
Security Update: Bitsight to Expand its Threat Intelligence with Cybersixgill Deal
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/security-update-bitsight-to-expand-its-threat-intelligence-with-cybersixgill-deal
-
Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden
by
in SecurityNewsA Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing… First seen on hackread.com Jump to article: hackread.com/facebook-malvertising-malware-via-fake-bitwarden/
-
Palo Alto Networks Patches Critical Zero-Day Firewall Bug
by
in SecurityNewsThe security vendor’s Expedition firewall appliance’s PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading tit to advise customers to update immediately or and take them off the Internet. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/palo-alto-networks-patches-critical-zero-day-bug-firewalls