security update
Over a million WP sites at risk of hijacking due to plugin bug
Users who run their websites on the popular WordPress CMS and are also using the WP-Slimstat web analytics plugin should update as soon as possible, warns Sucuri vulnerability …
Critical Samba flaw allows unauthorized remote code execution
Samba, the popular free software that allows file and print sharing between computers running Windows and those running Unix or Linux, has been found sporting a critical flaw …
Flaw makes Cisco routing hardware vulnerable to DoS attacks
A serious vulnerability affecting the software of some of Cisco’s routing hardware systems for telecommunications and Internet service providers could be exploited to …
Microsoft fixes critical remotely exploitable Windows root-level design bug
In this month’s Patch Tuesday, Microsoft has released nine security bulletins to address 56 unique vulnerabilities in Microsoft Windows, Microsoft Office, Internet …
Adobe patches latest Flash Player zero-day
Adobe has released Flash Player 16.0.0.305, a new version that fixes the latest zero-day flaw (CVE-2015-0313) that is currently exploited in mass malvertising campaigns. An …
New OS X Yosemite version fixes critical security issues, including Thunderstrike
Apple has released the latest version of OS X Yosemite (v10.10.2) and the first security update (2015-001) for this year, and among the problems fixed is one affecting the CPU …
Why Google won’t be updating pre-KitKat WebKit anymore
Two weeks ago, Rapid 7 researchers discovered that Google will no longer be providing security patches for WebView used in pre-KitKat (v4.4) Android versions, meaning that …
Adobe updates Flash Player again, plugs 0-day exploited by Angler
Adobe made good on its promise to make available by this week a fix for the recently discovered critical zero-day Flash Player vulnerability (CVE-2015-0311) preyed on by the …
Critical Flash Player hole plugged, another still unpatched and exploited
Adobe has released an out-of-band update for Flash Player, which fixes a security flaw (CVE-2015-0310) that could be used to circumvent memory randomization mitigations on the …
GoDaddy fixes domain-hijacking vulnerability
Security engineer Dylan Saccomanni has discovered a critical CSRF vulnerability that can be exploited to take over domains registered with Go Daddy, and has forced the popular …
Oracle patches 169 vulns across its products, many are critical
On Tuesday Oracle released its quarterly Critical Patch Update, which addressed a total of 169 vulnerabilities across multiple products, including Java SE (Standard Edition). …
January’s Patch Tuesday marks the start of a new era
Microsoft’s January 2015 patch Tuesday marks the start of a new era. It seems that Microsoft’s trend towards openness in security has reversed and the company that …
Featured news
Sponsored
Don't miss
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints