Time to Patch – Page 2 – Computer Security Articles

Apple & Microsoft Patch Tuesday, July 2023 Edition

July 11, 2023 admin adam barnett, andrew brandt, apple zero-day, Cisco, cve-2023-32046, cve-2023-32049, cve-2023-35311, cve-2023-36884, immersive labs, ios 16.5.1, kevin breen, macos 13.4.1, patch tuesday july 2023, Rapid7, safari 16.5.2, Security Tools, Sophos, storm-0978, Time to Patch, Trend Micro

Credit to Author: BrianKrebs| Date: Tue, 11 Jul 2023 22:55:07 +0000

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.

Independent Krebs

CISA Order Highlights Persistent Risk at Network Edge

June 15, 2023 admin adam boileau, barracuda networks, cisa, cve-2023-27997, cybersecurity and infrastructure security agency, fortinet, fortra, goanywhere, Latest Warnings, Mandiant, moveit transfer, Patrick Gray, progress software, Risky Business podcast, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2023 15:40:09 +0000

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Independent Krebs

Microsoft Patch Tuesday, June 2023 Edition

June 13, 2023 admin action1, cve-2023-28310, cve-2023-29357, cve-2023-29363, cve-2023-32014, cve-2023-32015, cve-2023-32031, immersive labs, kevin breen, microsoft patch tuesday june 2023, Security Tools, Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 13 Jun 2023 20:44:28 +0000

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.

Independent Krebs

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

June 8, 2023 admin barracuda networks, caitlin condon, cve-2023-2868, email security gateway, International Computer Science Institute, Latest Warnings, Mandiant, Nicholas Weaver, Rapid7, Time to Patch

Credit to Author: BrianKrebs| Date: Thu, 08 Jun 2023 20:17:06 +0000

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

Independent Krebs

Microsoft Patch Tuesday, May 2023 Edition

May 11, 2023 admin adam barnett, blacklotus, cve-2023-24932, cve-2023-24941, cve-2023-28283, cve-2023-29325, cve-2023-29336, immersive labs, kevin breen, Rapid7, sans internet storm center, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 10 May 2023 01:19:58 +0000

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.

Independent Krebs

Many Public Salesforce Sites are Leaking Private Data

April 27, 2023 admin A Little Sunshine, charan akiri, dc health, dc health link, huntington bank, Latest Warnings, matthew jennings, mike rupert, salesforce community websites, scott carbee, tcf bank, The Coming Storm, Time to Patch, Vermont

Credit to Author: BrianKrebs| Date: Fri, 28 Apr 2023 02:09:56 +0000

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Independent Krebs

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

April 11, 2023 admin bharat jogi, cve-2022-37969, cve-2023-28219, cve-2023-28220, cve-2023-28252, dbappsecurity, dustin childs, ios 15.5.7, ios/ipados 16.4.1, macos 12.6.5 and 11.7.6., Mandiant, nokoyawa ransomware, Qualys, Security Tools, The Coming Storm, Time to Patch, trend micro zero day initiative, windows common log system file system

Credit to Author: BrianKrebs| Date: Wed, 12 Apr 2023 00:06:51 +0000

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.

Independent Krebs

Microsoft Patch Tuesday, March 2023 Edition

March 15, 2023 admin cve-2023-23397, cve-2023-24800, dustin childs, immersive labs, kevin breen, microsoft 365 apps for enterprise, microsoft patch tuesday march 2023, Rapid7, Security Tools, The Coming Storm, Time to Patch, Windows SmartScreen, Zero Day Initiative

Credit to Author: BrianKrebs| Date: Wed, 15 Mar 2023 15:19:32 +0000

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.