security update
New Firefox offers MITM protection via public key pinning
Mozilla has released the latest version of Firefox (v32) for Windows, Mac, Linux, and Android, and the new browser sports some notable security improvements. For one, the new …
Patching: The least understood line of defense
When it comes to security, only a total dope doesn’t understand firewalls, anti-virus and at least the basics of passwords. But how many end users, indeed how many IT …
New Chrome fixes 50 security issues, bug hunter gets $30k
Having implemented 50 security fixes, the Google Chrome team has pushed out a new stable version of the popular browser. The company hasn’t shared many bug details since …
Apple patches Safari arbitrary code execution vulnerabilities
Apple released new versions of their Safari browser – 6.1.6 and 7.0.6 – in which they fixed multiple memory corruption problems in Webkit. Out of the seven …
Google starts warning users about deceptive downloads
Google has announced a welcome change to its Safe Browsing service: starting next week, Google Chrome will also warn users about attempts to make them download software that …
Microsoft fixes 37 vulnerabilities
Microsoft clearly wants everyone to shake off the dog days of summer and pay attention to patching. This month’s advance notice contains nine advisories spanning a range …
Serious flaws in cell phone carrier control software found
At the Black Hat conference this week, two Accuvant researchers have disclosed serious security flaws in the carrier control software used in over 2 billion cellular devices …
Critical bug in WordPress plugin allows site hijacking
A popular WordPress plugin that allows site owners to easily customize the contact form has a critical vulnerability that can be exploited to download and remotely modify the …
Symantec issues update fixing Endpoint Protection zero-day
Symantec has issued updates for its Endpoint Protection solution that fix the zero-day escalation of privilege vulnerability recently discovered by Offensive Security …
I2P patched against de-anonymizing 0-day, Tails integration still to follow
Developers of the I2P anonymous networking tool have released a new version (0.9.14) of the tool that fixes XSS and remote execution vulnerabilities reported by Exodus …
Oracle delivers 113 updates
Oracle’s Quarterly Critical Patch Update (CPU) is never a minor event. In April we saw 104 security issues addressed, in January it was 144. This time around we are …
Light Patch Tuesday fixes six issues, two critical
Microsoft has released the patches and it is a relatively light month. Six issues in total, 2 Critical, 3 Important, 1 Moderate. OS administration teams will be busy, …
Featured news
Resources
Don't miss
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
- Account takeover detection: There’s no single tell
- Man vs. machine: Striking the perfect balance in threat intelligence
- Misconfig Mapper: Open-source tool to uncover security misconfigurations
- Why AI deployment requires a new level of governance