security update
The value of patching and how to do it properly
Patching has been the stalwart of the information security community for at least the last 15 years. In this podcast recorded at RSA Conference 2015, Wolfgang Kandek, CTO at …
1,500 iOS apps sport flaw that allows interception of sensitive user data
A bug in an older version of AFNetworking, an open source library widely used for adding networking capabilities to iOS and OS X apps, can allow attackers to intercept and …
Apple’s fix didn’t close Rootpipe backdoor
When TrueSec researcher Emil Kvarnhammar discovered a privilege escalation bug affecting OS X that could allow attackers to gain complete control of the target’s Mac …
Cisco splats router bug that can lead to persistent DoS
Cisco has patched a vulnerability that affects Cisco ASR 9000 Series Aggregation Services Routers and can be exploited by a remote, unauthenticated attacker to effectively …
New Java vulnerabilities remotely executable without login
It is extremely important that enterprises urgently patch their Java Runtime Environments (JREs) and (Java Development Kits) JDKs since 14 vulnerabilities addressed in this …
Adobe fixes Flash Player zero-day exploited in the wild
Adobe released a new version of Flash Player (17.0.0.169) for Windows and Macintosh, and for Linux (11.2.202.457). These security updates fix a host of critical …
Microsoft releases 11 security bulletins
Administrators and security teams are in for a busy day tackling 11 Microsoft security bulletins, Adobe updates and Oracle has pre-announced that their quarterly update …
New security requirements for payment card vendors
The PCI Security Standards Council (PCI SSC) has published version 1.1. of its PCI Card Production Security Requirements. The updated standard helps payment card vendors …
Latest OS X update closes backdoor that allows root access
On Thursday Apple released another batch of updates for a variety of its products. The security update for OS X Yosemite (10.10.3) includes a fix for a four-year-old …
MitM, DoS bugs in Network Time Protocol squashed
Two vulnerabilities affecting Network Time Protocol (NTP), which is used for synchronizing clocks of computer systems, have been patched and made available in the latest …
Snapchat blocks third-party apps from accessing its APIs
Snapchat has had its fair share of data breaches and security troubles, the latest of which stemmed from the fact that the app’s internal API has been reverse-engineered …
Firefox 37 enhances security
Mozilla has released Firefox 37.0. This update includes security fixes for four critical, two high, five moderate and one low impact vulnerability. Among the new and changed …
Featured news
Resources
Don't miss
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
- Account takeover detection: There’s no single tell
- Man vs. machine: Striking the perfect balance in threat intelligence
- Misconfig Mapper: Open-source tool to uncover security misconfigurations
- Why AI deployment requires a new level of governance