security update
Cisco Webex vulnerabilities may enable attackers to covertly join meetings
Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to: Join Webex meetings without appearing in the participant list …
November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw
On this November 2020 Patch Tuesday: Microsoft has plugged 112 security holes, including an actively exploited one Adobe has delivered security updates for Adobe Reader Mobile …
Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)
For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop …
Magento, Visual Studio Code users: You need to patch!
Microsoft and Adobe released out-of-band security updates for Visual Studio Code, the Windows Codecs Library, and Magento. All the updates fix vulnerabilities that could be …
Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)
Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow …
October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw
On this October 2020 Patch Tuesday: Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps …
October 2020 Patch Tuesday forecast: Trick or treat?
It’s October and that means Halloween will be here at the end of the month. It won’t be much fun if we only get to ‘dress up’ and look at each other via video conference. But …
HP Device Manager vulnerabilities may allow full system takeover
Three vulnerabilities affecting HP Device Manager, an application for remote management of HP Thin Client devices, could be chained together to achieve unauthenticated remote …
Use an NVIDIA GPU? Check whether you need security updates
NVIDIA has released security updates for the NVIDIA GPU Display Driver and the NVIDIA Virtual GPU Manager that fix a variety of serious vulnerabilities. The driver security …
CISA orders federal agencies to implement Zerologon fix by Monday
If you had any doubts about the criticality of the Zerologon vulnerability (CVE-2020-1472) affecting Windows Server, here is a confirmation: the US Cybersecurity and …
Are your domain controllers safe from Zerologon attacks?
CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability …
September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again
On this September 2020 Patch Tuesday: Microsoft has plugged 129 security holes, including a critical RCE flaw that could be triggered by sending a specially crafted email to …