February 2022 Patch Tuesday forecast: A rough start for 2022
January 2022 Patch Tuesday was a rough one for Microsoft — and us. In the week following Patch Tuesday, Microsoft was forced to pull and subsequently re-issue several updates …
security update
Cisco plugs critical holes in small business routers
Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code …
Samba bug may allow code execution as root on Linux machines, NAS devices (CVE-2021-44142)
A critical vulnerability (CVE-2021-44142) in Samba, a widely used open source implementation of the Server Message Block (SMB) networking protocol, could allow attackers to …
PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by …
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server …
The Log4j saga: New vulnerabilities and attack vectors discovered
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …
It’s time to patch your SonicWall SMA 100 series appliances again!
SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although …
Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been …
Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)
It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, …
Avoiding the costly ESU cycle: Lessons learned from Windows 7 end-of-life
In June 2021, Microsoft announced the end-of-life date for Windows 10: 14 October 2025. From that point on, there will be no new updates or security fixes for the Home or Pro …
Apple fixes security feature bypass in macOS (CVE-2021-30892)
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection …
Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)
With the newest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is being actively exploited by attackers. About CVE-2021-30883 CVE-2021-30883 …