Displaying items by tag: Satnam Narang

Security professionals have warned that an authentication bypass flaw in VMware products needs to be patched as soon as possible to prevent its being exploited.

Published in Security

Microsoft has issued patches for 73 CVEs, including two zero-day flaws one of which has been exploited in the wild, as part of its monthly Patch Tuesday release.

Published in Security

Security firm F5 has disclosed a critical vulnerability in its BIG-IP product, a family of hardware and software solutions that are used for application delivery and centralised device management.

Published in Security

Fresh questions have arisedn about one of the remotely exploitable flaws in Microsoft's products which was revealed during the company's monthly Patch Tuesday announcement.

Published in Security

Google has issued a patch for a vulnerability in its Chrome browser that is being actively exploited in the wild.

Published in Security

American cloud computing and virtualisation technology company VMware has published an advisory detailing a remotely exploitable vulnerability in Spring Cloud, a framework for implementing business logic via functions.

Published in Security

A new ransomware-as-a-service family, which has been christened LokiLocker, has been identified by Blackberry Threat Intelligence. As usual, it only affects Windows systems.

Published in Security

Microsoft has released 97 CVEs on its first patch Tuesday of 2022, including four zero-days that have been publicly disclosed but not yet exploited in the wild; one of these is wormable.

Published in Security

The Log4j vulnerability appears to have been overhyped by the infosec industry, with nothing like the scale of attacks expected materialising.

Published in Security

Microsoft has rolled out patches for 67 vulnerabilities in its products in its monthly Patch Tuesday, including a fix for a zero-day that is being exploited in the wild.

Published in Security

A senior security professional says the vulnerability in the Log4j Java-based logging library is comparable to both the Heartbleed and Shellshock flaws that have come to light over the last decade, but the new vulnerability is more devastating.

Published in Security

A serious vulnerability in the Log4j Java-based logging library is affecting many enterprise applications and cloud services.

Published in Security
Wednesday, 13 October 2021 09:33

Microsoft patches 71 flaws, including one zero-day

Seventy-one flaws have been patched in Microsoft's products, the company announced on Tuesday, the monthly Patch Tuesday.

Published in Security

Microsoft has released patches for two zero-day vulnerabilities, along with patches for 84 other flaws in its products, including Microsoft Edge.

Published in Security

Users of the Google Chrome and Microsoft Edge browsers have been told that they need not hold too many fears over a one-day vulnerability in the V8 JavaScript engine used by the two applications, but should still patch as and when patches were made available.

Published in Security

Cloud computing and virtualisation software and services company VMware has released fixes for two vulnerabilities in three of its products, which could be chained together and exploited to execute code remotely, a researcher says.

Published in Security

Microsoft has released an additional patch to fix the Zerologon vulnerability that surfaced last year, having first issued a patch for the flaw in August 2020 and then updated it the following month.

Published in Security

A serious vulnerability in SAP Solution Manager would allow an attacker can authenticate to vulnerable systems by simply trying to connect, a local researcher has warned, adding that a proof-of-concept exploit is circulating.

Published in Security

Thirty-five percent of security breaches in 2020 were caused by ransomware attacks, resulting in tremendous financial cost, while between January and October last year, 730 "publicly disclosed events" resulted in over 22 billion records being exposed, according to a report from security vendor Tenable.

Published in Security

A seasoned security professional has slammed Microsoft for the company's decision to remove CVE description information from the monthly listing of patches on the second Tuesday of each month, saying that the new method will give malicious attackers the advantage to reverse engineer patches.

Published in Security
Page 1 of 2

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments