patch Archives - Help Net Security

patch

46% of all on-prem databases are vulnerable to attack, breaches expected to grow

September 15, 2021

46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases …

Why XSS is still an XXL issue in 2021

June 15, 2021

Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a …

Why is patch management so difficult to master?

May 26, 2021

This question has plagued IT and security departments for years. Each month these teams struggle to keep up with the number of patches issued by the myriad of vendors in their …

When exploit code precedes a patch, attackers gain a massive head start

May 14, 2021

Cybersecurity researchers that publicize exploit code used in cyberattacks are giving a clear and unequivocal advantage to attackers, new research conducted by Kenna Security …

SolarWinds breach severity perception increasing over time

April 1, 2021

(ISC)² has published the results of an online survey of 303 cybersecurity professionals from around the globe in which respondents compared their perception of the severity of …

Security starts with architecture

March 4, 2021

The battle against hackers and threats is an arms race against highly motivated opponents, and with the number of attacks and threats continually growing, it’s …

57% of vulnerabilities in 2020 were classified as critical or high severity

February 17, 2021

NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity – an all-time high. Redscan’s analysis looks beyond severity scores, …

Apple fixes three actively exploited iOS zero-days

January 27, 2021

Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers. The three zero-days Two …

Cisco re-patches wormable Jabber RCE flaw

December 14, 2020

In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated. The …

December 2020 Patch Tuesday forecast: Always consider the risk

December 4, 2020

The final Patch Tuesday of the year is upon us and what a year it has been. Forcing many changes this year, the pandemic has impacted the way we conduct both security and IT …

The effectiveness of vulnerability disclosure and exploit development

November 19, 2020

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …

Critical flaw gives attackers control of vulnerable SAP business applications

July 14, 2020

SAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker. …

patch

46% of all on-prem databases are vulnerable to attack, breaches expected to grow

Why XSS is still an XXL issue in 2021

Why is patch management so difficult to master?

When exploit code precedes a patch, attackers gain a massive head start

SolarWinds breach severity perception increasing over time

Security starts with architecture

57% of vulnerabilities in 2020 were classified as critical or high severity

Apple fixes three actively exploited iOS zero-days

Cisco re-patches wormable Jabber RCE flaw

December 2020 Patch Tuesday forecast: Always consider the risk

The effectiveness of vulnerability disclosure and exploit development

Critical flaw gives attackers control of vulnerable SAP business applications

Don't miss

Released: MITRE ATT&CK v10

New infosec products of the week: October 22, 2021

CDR: The secret cybersecurity ingredient used by defense and intelligence agencies

Embracing secure hybrid work with four foundational IT controls

Fraud never sleeps: Why biometrics is essential for effective fraud prevention