patch Archives - Help Net Security

patch

Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

May 10, 2023

Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” …

Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)

May 2, 2023

A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says …

Veeam Backup & Replication admins, get patching! (CVE-2023-27532)

March 10, 2023

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the …

Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)

February 17, 2023

Cisco has released security updates for several of its enterprise security and networking products, fixing (among other things): A critical vulnerability (CVE-2023-20032) in …

Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

November 29, 2022

A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the …

Microsoft fixes many zero-days under attack

November 8, 2022

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and …

The state of coordinated vulnerability disclosure policies in EU

April 19, 2022

The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes …

Veeam fixes critical RCEs in backup solution (CVE-2022-26500, CVE-2022-26501)

March 15, 2022

Veeam Software has patched two critical vulnerabilities (CVE-2022-26500, CVE-2022-26501) affecting its popular Veeam Backup & Replication solution, which could be …

February 2022 Patch Tuesday forecast: A rough start for 2022

February 4, 2022

January 2022 Patch Tuesday was a rough one for Microsoft — and us. In the week following Patch Tuesday, Microsoft was forced to pull and subsequently re-issue several updates …

Patching takes 2.5 times longer when endpoints are remote

November 30, 2021

Action1 released a report based on the feedback from 491 IT professionals worldwide. The study explores how organizations patch and manage their remote and office-based …

46% of all on-prem databases are vulnerable to attack, breaches expected to grow

September 15, 2021

46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases …

Why XSS is still an XXL issue in 2021

June 15, 2021

Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a …

patch

Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)

Veeam Backup & Replication admins, get patching! (CVE-2023-27532)

Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)

Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

Microsoft fixes many zero-days under attack

The state of coordinated vulnerability disclosure policies in EU

Veeam fixes critical RCEs in backup solution (CVE-2022-26500, CVE-2022-26501)

February 2022 Patch Tuesday forecast: A rough start for 2022

Patching takes 2.5 times longer when endpoints are remote

46% of all on-prem databases are vulnerable to attack, breaches expected to grow

Why XSS is still an XXL issue in 2021

Don't miss

Google triples reward for Chrome full chain exploits

MOVEit Transfer zero-day attacks: The latest info

Qakbot: The trojan that just won’t go away

How defense contractors can move from cybersecurity to cyber resilience

Introducing the book: Cybersecurity First Principles