Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group Data Breach by Derek B. Johnson - July 14, 20210 SolarWinds CEO Sudhakar Ramakrishna attends a Senate Intelligence Committee hearing on Capitol Hill on Feb. 23, 2021, in Washington. A new zero-day affecting SolarWinds’ Serv-U software has seen “limited and targeted” exploitation by a threat group based in China, Microsoft warned. (Photo by Demetrius Freeman-Pool/Getty Images) Microsoft said it discovered a
Microsoft fixes 117 vulnerabilities, four exploited in the wild Data Breach by Steve Zurier - July 14, 20210 The Microsoft logo is illuminated on a wall during a Microsoft launch event in New York City. Microsoft released fixes for 117 vulnerabilities. (Photo by Drew Angerer/Getty Images) Microsoft on Tuesday picked up the pace on patching for July and released fixes for 117 vulnerabilities, four of which are being actively exploited
Microsoft fixes 50 vulnerabilities for June, but patch first the six exploited in the wild Data Breach by Steve Zurier - June 10, 20210 For June’s Patch Tuesday yesterday Microsoft fixed 50 vulnerabilities, six of which are being actively exploited in the wild. (Photo by Kevork Djansezian/Getty Images) For June’s Patch Tuesday yesterday Microsoft fixed 50 vulnerabilities, six of which are being actively exploited in the wild. While security researchers say that administrators should focus on
Google fixes five Chrome bugs, including one zero-day exploited in the wild Data Breach by Steve Zurier - March 16, 20210 The news of the patch vulnerabilities Google released last Friday underscores the importance of organizations using a cloud-based solution instead of legacy apps supported by on-premises infrastructure. (Photo by Alex Tai/SOPA Images/LightRocket via Getty Images) Google released fixes for five security bugs found in its Chrome browser, one of which was
Microsoft IE zero-day exploited in wild, could provide unrestricted operating system access Data Breach by Steve Zurier - March 11, 20210 Security researchers said the fix for the remote execution flaw found in Microsoft Internet Explorer should top the patching list for security pros following Patch Tuesday yesterday. “Internet Explorer is being exploited in the wild, so this should be top of the list to patch,” said Kevin Breen, director of cyber
SonicWall issues firmware patch after attackers exploited critical bugs Data Breach by Bradley Barth - February 4, 20210 SonicWall made available a critical patch for two vulnerabilities in its Secure Mobile Access 100 series products featuring 10.x firmware. (SonicWall) SonicWall today made available a critical patch for two vulnerabilities in its Secure Mobile Access 100 series products featuring 10.x firmware, which malicious actors exploited in a cyberattack against the infosec firm last month. Days
Avon attackers may have exploited unprotected web server Data Breach by Bradley Barth - July 29, 20200 An openly accessible web server has emerged as a possible attack vector used by cybercriminals in a reported ransomware incident that affected personal care and beauty marketer Avon Products last June. Researchers from Safety Detectives today announced its discovery of a U.S.-based Avon.com server that was not defended by a password,
Cisco patches severe traversal vulnerability exploited in wild Data Breach by Teri Robinson - July 26, 20200 Cisco is urging organizations to implement its patch for a high severity directory traversal vulnerability that affected the web services interface of the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software firewall products and which is being actively exploited in the wild. The vulnerability, CVE-2020-3452, stems
Six Cisco servers compromised when hackers exploited SaltStack Salt flaws Data Breach by Teri Robinson - May 30, 20200 Six Cisco salt-master backend servers were compromised when attackers exploited two recently reported vulnerabilities in SaltStack Salt. Cisco revealed the attacks in an advisory, saying the Cisco Modeling Labs Corporate Edition (CML) and the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) were vulnerable. In early May one or more attackers exploited
Mozilla patches exploited zero-day flaw in Firefox Data Breach by Bradley Barth - January 9, 20200 The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads an official advisory