security update Archives - Help Net Security

security update

VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)

May 19, 2022

VMware has released patches for a privately reported critical vulnerability (CVE-2022-22972) in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize …

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

May 13, 2022

A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

May 10, 2022

May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) …

May 2022 Patch Tuesday forecast: Look beyond just application and OS updates

May 6, 2022

April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months. Microsoft addressed 97 vulnerabilities in Windows 10, and …

Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)

May 5, 2022

F5 Networks‘ BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388. “This vulnerability may …

Critical vulnerabilities open Synology, QNAP NAS devices to attack

April 29, 2022

Users of Synology and QNAP network-attached storage (NAS) devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an …

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

April 12, 2022

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and …

April 2022 Patch Tuesday forecast: Spring is in the air (and vulnerable)

April 8, 2022

March Patch Tuesday releases followed in the footsteps of February with low numbers of CVEs reported and resolved, and all updates rated as important except one critical …

Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)

March 29, 2022

A critical vulnerability (CVE-2022-1040) in Sophos Firewall in being exploited in the wild to target “a small set of specific organizations primarily in the South Asia …

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

March 7, 2022

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited …

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

February 11, 2022

Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple. About CVE-2022-22620 CVE-2022-22620 is a use after free issue in WebKit, …

February 2022 Patch Tuesday forecast: A rough start for 2022

February 4, 2022

January 2022 Patch Tuesday was a rough one for Microsoft — and us. In the week following Patch Tuesday, Microsoft was forced to pull and subsequently re-issue several updates …

security update

VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

May 2022 Patch Tuesday forecast: Look beyond just application and OS updates

Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)

Critical vulnerabilities open Synology, QNAP NAS devices to attack

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

April 2022 Patch Tuesday forecast: Spring is in the air (and vulnerable)

Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

February 2022 Patch Tuesday forecast: A rough start for 2022

Don't miss

RansomHouse: Bug bounty hunters gone rogue?

Taking the right approach to data extortion

What does prioritizing cybersecurity at the leadership level entail?

How confident are CISOs about their security posture?

You should be able to trust organizations that handle your personal data