January 2019 Patch Tuesday forecast: Partly cloudy followed by heavy fog around Java
2018 ended with a bit of excitement. Shortly after November Patch Tuesday we saw a pair of Flash Player zero-days (November 20 and December 5), which were followed by just …
Apache Struts 2.3.x vulnerable to two year old RCE flaw
The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited …
0patch releases micropatch for Windows Task Scheduler zero-day
Earlier this week a security researcher that goes by “SandboxEscaper” published details and a PoC exploit for a zero-day local privilege escalation vulnerability …
Microsoft ADFS flaw allows attackers to bypass MFA safeguards
A vulnerability (CVE-2018-8340) in Microsoft Active Directory Federation Services (ADFS) allows a second authentication factor for one account to be used for all other …
Critical vulnerability in Oracle Database, patch without delay!
Oracle is urging users to patch their Oracle Database installations to plug a critical security issue that can result in complete compromise of the Oracle Database and shell …
VMware plugs RCE hole in remote management agent
VMware has fixed a critical remote code execution vulnerability in VMware AirWatch Agent for Android and Windows Mobile, and is urging users to upgrade to the newest versions …
What patches to prioritize following the April 2018 Patch Tuesday?
Patch Tuesday came and went and, as usual, Microsoft and Adobe have released patches/security updates for vulnerabilities affecting a wide variety of their products. …
Easily exploited flaw in Microsoft Malware Protection Engine allows total system compromise
A critical and extremely easily exploitable vulnerability in the Microsoft Malware Protection Engine (MMPE) has been patched through an out-of-band security update pushed out …
Researchers find critical flaws in SecurEnvoy SecurMail, patch now!
If you’re a user of SecurEnvoy SecurMail and you haven’t yet implemented the latest patch, do so now – or risk getting your encrypted emails read by …
Cisco fixes critical flaw in its Secure Access Control System
Cisco has pushed out fixes for security vulnerabilities in a wide variety of its products, including two critical flaws in its Secure Access Control System (ACS) and its Prime …
Vulnerability in ISC BIND leads to DoS, patch today!
The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its …
Oracle addresses 237 vulnerabilities across multiple products
The January 2018 Oracle Critical Patch Update (CPU) fixes 237 new security vulnerabilities across hundreds of Oracle products, including the company’s widely used Oracle …