patches

How to manage vulnerabilities when developing or using open-source software.

How to eliminate the threat posed to organizations by ownerless servers and services, outdated libraries, and insecure APIs.

We examine how popular Canon printers could become a foothold for attackers within an organization’s network.

Causes of discrepancies in Common Vulnerability Scoring System ratings, common mistakes when using CVSS for vulnerability prioritization, and how to do this right.

Microsoft’s March Patch Tuesday fixes several vulnerabilities that have already been used in the wild. Details are not clear at the moment, but it’s worth installing the patches ASAP.

Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.

Someone is targeting security experts using an archive that allegedly contains an exploit for the regreSSHion vulnerability.

A new vulnerability allows remote attackers to gain root privileges on Linux servers. How easy is it for CVE-2024-6387 to be exploited – and how to prevent it

Mistakes commonly found in almost every large organization. What should the inforsec team look out for, and what protective measures should they take?

Some thoughts on what PC software patches should be prioritized and why.

Legacy systems continue to toil away in embedded solutions, medical equipment, and precision instruments. How can the respective security risks be mitigated?

After a hack, a company needs to improve security quickly and effectively. We outline the first steps to cyber-resilience.

July Microsoft Patch Tuesday: a collection of exploited vulnerabilities.

Attackers exploit four dangerous vulnerabilities in Microsoft Exchange to get a foothold in the corporate network.

Researchers at RSAC 2019 reported on the current vulnerability landscape and built a model that helps with effective patching strategy.

Since mid-October, several major software vendors have released a number of security announcements and updates, most of them serious or outward critical.

Google’s Android OS is a vulnerable system. Developers make it worse by not providing critical patches in time.

Kaspersky Security Center 10, the Kaspersky Lab’s unified management console, makes it easier to manage and secure all your endpoints – including physical, virtual and mobile devices.

One can find a number of reasons why this very bug cannot be patched right now, or this quarter, or, like, ever. Yet, the problem has to be solved.

A four year old Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the world, which threatens the integrity of the businesses behind these sites.

Today’s software packages have become so huge and complex that stacks of patches issued one after the other are increasingly common. This has consequences for system administrators.