security update

SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP!
Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns. About …

Adobe fixes critical flaws in Magento, Adobe Illustrator and Bridge
Adobe has pushed out security updates fixing critical flaws in Magento Commerce, Open Source Enterprise and Community editions, Adobe Illustrator 2020 for Windows, and Adobe …

Attackers exploiting a zero-day in Sophos firewalls, have yours been hit?
Sophos has released an emergency hotfix for an actively exploited zero-day SQL injection vulnerability in its XG Firewalls, and has rolled it out to all units with the …

Update MS Office, Paint 3D to plug RCE vulnerabilities
A week after the April 2020 Patch Tuesday, Microsoft has released out-of-band security updates for its Office suite, to fix a handful of vulnerabilities that attackers could …

Using Cisco IP phones? Fix these critical vulnerabilities
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS …

April 2020 Patch Tuesday: Microsoft fixes three actively exploited vulnerabilities
For the April 2020 Patch Tuesday, Adobe plugs 5 flaws and Microsoft 113, three of which are currently being exploited by attackers. Adobe’s updates On this Patch …

VMware plugs critical flaw in vCenter Server, patch ASAP!
VMware has fixed a critical vulnerability (CVE-2020-3952) affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to …

Two critical Firefox vulnerabilities exploited by attackers, patch now!
Mozilla has released critical security updates for Firefox and Firefox ESR on Friday, patching two vulnerabilities that are being actively exploited by attackers.

Millions of routers running OpenWRT vulnerable to attack
A vulnerability (CVE-2020-7982) discovered in the package manager of the OpenWRT open source operating system could allow attackers to compromise the embedded and networking …

Apple delivers March 2020 security updates for iDevices and software
If you haven’t yet opted for automatic Apple security updates, it’s time to update your iDevices and software again. The lightweight Apple security updates The …

Cisco fixes root privilege, command injection vulnerabilities in Cisco SD-WAN solution
Cisco has fixed five security vulnerabilities in its Software-Defined WAN (SD-WAN) Solution, two of which could allow an authenticated, local attacker to either gain root …

A week after Patch Tuesday, Adobe drops security fixes for six offerings
Adobe failed to release security updates on March 2020 Patch Tuesday, but has pushed them out this Tuesday, for Acrobat and Reader, Photoshop, ColdFusion, Experience Manager, …