security update Archives - Help Net Security

security update

Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning

January 19, 2021

Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache …

January 2021 Patch Tuesday: Microsoft plugs Defender zero-day RCE

January 12, 2021

On this January 2021 Patch Tuesday: Microsoft has plugged 83 CVEs, including a Microsoft Defender zero-day Adobe has delivered security updates for a variety of products SAP …

Cisco re-patches wormable Jabber RCE flaw

December 14, 2020

In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated. The …

A light December 2020 Patch Tuesday for a no-stress end of the year

December 8, 2020

On this December 2020 Patch Tuesday: Microsoft has plugged 58 CVEs Adobe has delivered security updates for Lightroom, Experience Manager, and Prelude, and has announced that …

Out-of-band Drupal security updates fix bugs with known exploits

November 27, 2020

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …

cPanel 2FA bypass vulnerability can be exploited through brute force

November 25, 2020

A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense …

Drupal-based sites open to attack via double extension files (CVE-2020-13671)

November 23, 2020

Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also …

VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator

November 20, 2020

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful …

Cisco Webex vulnerabilities may enable attackers to covertly join meetings

November 19, 2020

Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to: Join Webex meetings without appearing in the participant list …

November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw

November 10, 2020

On this November 2020 Patch Tuesday: Microsoft has plugged 112 security holes, including an actively exploited one Adobe has delivered security updates for Adobe Reader Mobile …

Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)

November 4, 2020

For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop …

Magento, Visual Studio Code users: You need to patch!

October 19, 2020

Microsoft and Adobe released out-of-band security updates for Visual Studio Code, the Windows Codecs Library, and Magento. All the updates fix vulnerabilities that could be …