security update

Easily exploitable Apache Struts vulnerability opens businesses to attack
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. …

Patients with St. Jude pacemakers called in for firmware update
Patients using one of several types of implantable radio frequency-enabled pacemakers manufactured by St. Jude Medical will have to visit their healthcare provider to receive …

Advantech fixes serious vulns in WebAccess HMI/SCADA software
Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible. Advantech WebAccess is a web browser-based software …

Microsoft fixes 25 critical issues in August Patch Tuesday
The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be …

Siemens CT scanners open to remote compromise via publicly available exploits
Siemens has finally provided patches for a number of Microsoft Windows SMBv1 vulnerabilities that affect some of the medical devices sold under the Siemens Healthineers brand. …

Apple patches critical Broadpwn vulnerability in its various OSes
Apple has released security updates for iOS, macOS (Sierra, El Capitan, and Yosemite), Safari, iCloud, iTunes, watchOS and tvOS. As per usual, the same fixed Webkit flaws …

Why Kodi boxes can pose a serious malware threat
When new streaming devices, such as the Amazon Firestick and Apple TV, were first introduced, many were intrigued by the ease by which they could watch “over the …

Azure AD Connect vulnerability allows attackers to reset admin passwords
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft …

Google researcher uncovers another RCE in Microsoft Malware Protection Engine
Google Project Zero researcher Tavis Ormandy has unearthed yet another critical remote code execution vulnerability affecting the Microsoft Malware Protection Engine, which …

8 RCE, DoS holes in Microsoft Malware Protection Engine plugged
After the discovery and the fixing of a “crazy bad” remote code execution flaw in the Microsoft Malware Protection Engine earlier this month, now comes another …

Vulnerability opens FreeRADIUS servers to unauthenticated attackers
A vulnerability in the free, open source FreeRADIUS server could be exploited by remote attackers to bypass authentication via PEAP or TTLS. There is currently no indication …

Critical Samba code execution hole plugged, patch ASAP!
The developers of Samba have plugged a critical remote code execution flaw that could allow a malicious client to upload a shared library to a writable share, and then cause …
Featured news
Resources
Don't miss
- Why app modernization can leave you less secure
- How AI agents reshape industrial automation and risk management
- How well do you know your remote IT worker?
- LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks
- NIST proposes new metric to gauge exploited vulnerabilities