The latest cybersecurity threats and news to help you protect your data, networks, applications, and devices.
It wasn’t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities. Read more
Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with… Read more
Android, Apple, Apache, Cisco and Microsoft are among the names reporting security vulnerabilities in the last week, and some are already under attack. Read more
Citrix, Juniper, VMware and Cisco are just a few of the IT vendors whose products made news for security vulnerabilities in the last week. Read more
Normally, ‘ace’ implies something great, such as to ace an exam or to draw an ace in Blackjack. Unfortunately, arbitrary code execution (ACE) means that an attacker can use a vulnerability to execute any code they want on a device. In the vulnerabilities covered this week, attackers used an ACE vulnerability to install webshells and… Read more
No one likes the hassle of dealing with patch management or vulnerability management, but it is universally agreed that security breaches are far worse. Many organizations try to proactively patch and manage vulnerabilities to prevent attackers from gaining any foothold. Google announced this week that it will now push out weekly security updates to Chrome… Read more
Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. The vulnerabilities “could allow attackers to shut down entire data centers in minutes, slowly infect entire data center deployments to steal key data and information, or utilize compromised resources to initiate massive attacks at a global scale,”… Read more
Microsoft’s August 2023 updates include six critical vulnerabilities, including a pair of Teams flaws that ‘deserve immediate remediation attention.’ Read more
Microsoft has hardened security following a Chinese hack of U.S. government agency email accounts, but some details remain a mystery. Even as the threat has passed, Microsoft officials are still analyzing how a Chinese threat group was able to access U.S. government accounts using a stolen inactive Microsoft account (MSA) consumer signing key. Chinese hacker… Read more