Tag: update
-
Free Blue Screens of Death for Windows 11 24H2 users
by
in SecurityNewsMicrosoft rewards those who patch early with bricks hurled through its operating system First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/microsofts_latest_windows_updates/
-
MITRE support expires for ‘pillar of cybersecurity industry,’ CVE program
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mitre-support-expires-for-pillar-of-cybersecurity-industry-cve-program
-
Apple fixes two zero-days exploited in targeted iPhone attacks
by
in SecurityNewsApple released emergency security updates to patch two zero-day vulnerabilities that were used in an “extremely sophisticated attack” against specific targets’ iPhones. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/
-
Interlock Ransomware Uses Multi-Stage Attack Through Legitimate Websites to Deliver Malicious Browser Updates
by
in SecurityNewsThe Interlock ransomware intrusion set has escalated its operations across North America and Europe with sophisticated techniques. Not falling under the typical Ransomware-as-a-Service (RaaS) category, Interlock operates independently, focusing primarily on Big Game Hunting and double extortion campaigns. This group’s activities have been closely monitored by cybersecurity firms such as Sekoia Threat Detection & Research…
-
Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure
by
in SecurityNewsA fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/buggy-nvdia-patch-exposes-ai-models-critical-infrastructure
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
by
in SecurityNewsThis is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
CVE program averts swift end after CISA executes 11-month contract extension
by
in SecurityNews
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-managementImportant update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
Sicherheits-Desaster: Trump stoppt mit DOGE die MITRE-Finanzierung; CVE-Datenbank eingestellt? Update: Es geht doch weiter
by
in SecurityNewsEine schlechte Nachricht für die Cybersicherheit. Die US-Administration unter Präsident Donald Trump hat über deren DOGE-Programm wohl die Finanzierung von MITRE gestoppt, so dass die von dieser Organisation gepflegte CVE-Datenbank, die über Sicherheitslücken informiert, eingestellt werden muss. Nachtrag: Es hat … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/16/sicherheits-desaster-trump-stoppt-mit-doge-die-mitre-finanzierung/
-
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
by
in SecurityNewsOracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security updates across 32 Oracle product…
-
Microsoft warns of blue screen crashes caused by April updates
by
in SecurityNewsMicrosoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/
-
American Sigh
by
in SecurityNewsA long, long time ago I can still remember How those CVEs would make me smile And I knew if I had my chance To patch a vuln or take a stance Maybe we’d be secure for a while But April ides made me shiver With each leaked memo and press release delivered Bad news……
-
Tails 6.14.2 Released with Critical Fixes for Linux Kernel Vulnerabilities
by
in SecurityNewsThe Tails Project has urgently releasedTails 6.14.2, addressing critical security vulnerabilities in the Linux kernel and the Perl programming language. This emergency release is vital for users who rely on Tails’ security and privacy features, following the discovery of multiple flaws that could compromise system safety. Critical Security Vulnerabilities Addressed The most significant updates in…
-
Oracle Issues Patch for 378 Vulnerabilities in Major Security Rollout
by
in SecurityNewsOracle Corporation has released a sweeping Critical Patch Update (CPU) for April 2025, addressing a staggering 378 security vulnerabilities across a wide array of its product families. The rollout underscores Oracle’s continued commitment to proactive cybersecurity and comes amid ongoing reports of malicious exploits targeting unpatched systems worldwide. This massive update, delivered under Oracle’s regular…
-
Hacker bleiben auch nach Patches im System Weiteres Update erforderlich
by
in SecurityNewsHacker haben eine Möglichkeit gefunden, auch nach der Installation von Sicherheitsupdates in den Systemen von FortiGate-Geräten zu verbleiben. Diesen Zugriff soll ein neues Update nun beenden. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/fortinet-hacker-bleiben-auch-nach-patches-im-system—weiteres-update-erforderlich
-
KB5002623 behebt Patchday-Fehler – Notfall-Update für Microsoft Office behebt kritischen Fehler
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/microsoft-office-2016-update-kb5002623-behebt-absturzprobleme-a-9084d0054e8510dae99ea82a1f954257/
-
MITRE CVE Program Funding Set To Expire
by
in SecurityNews
Tags: cve, cvss, cybersecurity, data, github, identity, intelligence, mitre, monitoring, nist, technology, update, vulnerability, vulnerability-managementMITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along…
-
The most dangerous time for enterprise security? One month after an acquisition
by
in SecurityNewsFear of upgrading or purchasing any new security tech. Managers are hesitant to invest because they don’t know what the new parent company will decide, and they don’t want to waste money.Talented security people leave, along with the best people in every business unit. They are worried about being laid off, so they take whatever…
-
Introducing Wyo Support ADAMnetworks LTP
by
in SecurityNews
Tags: attack, best-practice, business, compliance, cyber, cybersecurity, data, email, endpoint, finance, GDPR, government, guide, healthcare, infrastructure, insurance, law, linkedin, PCI, phishing, radius, ransomware, regulation, service, skills, strategy, technology, threat, tool, training, update, zero-trustADAMnetworks is excited to announce Wyo Support to the family of Licensed Technology Partners. “After working with the various systems and technologies, there are few that compare with the protection that ADAMnetworks provides. It reduces the attack surface from the broad side of a barn down to the size of a keyhole. No other technology…
-
For security, Android phones will now auto-reboot after three days
by
in SecurityNewsThe update comes months after Apple pushed its own “inactivity reboot” feature. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/15/for-security-android-phones-will-now-auto-reboot-after-three-days/
-
Incomplete NVIDIA patch threatens containerized environments
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/incomplete-nvidia-patch-threatens-containerized-environments
-
Faulty Nvidia Bug Patch Puts AI Containers at Risk
by
in SecurityNewsTrend Micro Finds Security Gap in Nvidia Container Toolkit. Users of software developed by AI powerhouse Nvidia for running containerized software on its GPU chips could still be vulnerable to hacks even if they applied a September 2024 patch, warns cybersecurity firm Trend Micro. The core issue lies in symbolic link handling. First seen on…
-
Landmark Admin data breach impact now reaches 1.6 million people
by
in SecurityNewsLandmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/landmark-admin-data-breach-impact-now-reaches-16-million-people/
-
Incomplete patching leaves Nvidia, Docker exposed to DOS attacks
by
in SecurityNewsMitigations include restricting Docker access: CVE-2024-0132 first received a fix in September 2024, which did not fully patch the flaw and left a patch bypass issue tracked as CVE-2025-23359. Nvidia fixed the bypass in February which Trend Micro believes to be lacking.The problem is that the fix, issued with the version 1.17.4 update, includes an…
-
App Connect Enterprise – IBM repariert Patch und schließt kritische Sicherheitslücke
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/ibm-behebt-sicherheitsluecke-app-connect-enterprise-a-4bd7359bb9127b8334e195ef30298268/
-
Incomplete Patch Leaves NVIDIA and Docker Users at Risk
by
in SecurityNewsNVIIA’s incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies. First seen on hackread.com Jump to article: hackread.com/incomplete-patch-leaves-nvidia-docker-users-at-risk/
-
RCE Exploit Uncovered in Ivanti VPN After Silent Patch Oversight
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/rce-exploit-uncovered-in-ivanti-vpn-after-silent-patch-oversight
-
Fortinet Finds Attackers Maintain Access Post-Patch via SSL-VPN Symlink Exploit
First seen on scworld.com Jump to article: www.scworld.com/brief/fortinet-finds-attackers-maintain-access-post-patch-via-ssl-vpn-symlink-exploit
-
Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed
by
in SecurityNewsTrend Micro researchers flagging problems with Nvidia’s patch for a critical, code execution vulnerability in the Nvidia Container Toolkit. The post Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/trend-micro-flags-incomplete-nvidia-patch-that-leaves-ai-containers-exposed/
-
Attackers Maintaining Access to Fully Patched Fortinet Gear
by
in SecurityNewsSymbolic Links Planted by Attackers Survived Patching, Provide Read-Only Access. Attackers have been using a new type of post-exploitation technique to maintain remote access to hacked Fortinet FortiGuard devices – even if they had the latest patches – by dropping symbolic links in the device’s filesystem designed to survive the patching process, the vendor has…