Patch Tuesday: Four Critical Vulnerabilities Paved Over

Patch Tuesday: Four Critical Vulnerabilities Paved Over

On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which have been exploited. Patch Tuesdays are a good time for admin teams to remind employees of the importance of keeping operating systems and applications up to date. In the meantime, software makers like Microsoft and Adobe will have caught problems and closed backdoors. In addition, as XDA pointed out, sharp-eyed Windows…

Read More

Patch Tuesday: Microsoft Catches Four Zero-Day Vulnerabilities

Patch Tuesday: Microsoft Catches Four Zero-Day Vulnerabilities

Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday brings four zero-day vulnerabilities, two high-criticality vulnerabilities, and some sister patches from Adobe. On Patch Tuesday, which Microsoft calls “Update Tuesday,” other large software companies like Adobe release major security fixes. It’s a time to launch updates across corporate networks, and it occurs during mid-morning Pacific Standard Time to keep admins and users from having to scramble at the…

Read More

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Patch Tuesday, Microsoft’s monthly report of security updates, brought 90 CVEs, including some vulnerabilities that were being actively exploited. Some vulnerabilities originated in Chromium, meaning both Microsoft Edge and Google Chrome may have been affected. Here are the most critical flaws and patches disclosed by Microsoft on Aug. 13. Six zero-day flaws had been exploited Threat actors had already taken advantage of six zero-day exploits in particular: CVE-2024-38106: an elevation of privilege vulnerability in the…

Read More

CrowdStrike Outage Disrupts Microsoft Systems Worldwide | TechRepublic

CrowdStrike Outage Disrupts Microsoft Systems Worldwide | TechRepublic

A major disruption to Windows PCs in the U.S., U.K., Australia, South Africa and other countries was caused by an error in a CrowdStrike update, the cloud security company announced on Friday. Emergency services, airports and law enforcement reported downtime, which is ongoing. “This is not a security incident or cyberattack,” CrowdStrike said in a statement. Blue Screen of Death widespread due to CrowdStrike outage Affected organizations saw the infamous Blue Screen of Death, the…

Read More

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

Apple Operating Systems are Being Targeted by Threat Actors, Report Finds

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, according to a new report. The Software Vulnerability Ratings Report 2024 from patch management software company Action1 also found that Microsoft Office programs are becoming more exploitable, while attackers are targeting load balancers like NGINX and Citrix at a record rate. Action1 analysts used data from the National Vulnerability Database and CVEdetails.com to draw five insights into how the threat landscape changed…

Read More

What Is ShrinkLocker? New Ransomware Targets Microsoft BitLocker Encryption Feature

What Is ShrinkLocker? New Ransomware Targets Microsoft BitLocker Encryption Feature

A new strain of ransomware dubbed ShrinkLocker is being used by cyberattackers to target enterprise computers. It exploits the Microsoft BitLocker encryption feature to encrypt the entire local drive and remove the recovery options before shutting down the PC. ShrinkLocker was discovered by cybersecurity firm Kaspersky, and analysts have observed variants in Mexico, Indonesia and Jordan. BitLocker has been used to stage ransomware attacks in the past, but this strain has “previously unreported features to…

Read More

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack. The security researchers named the attack LogoFAIL because of its origins in image parsing libraries. Binarly announced its discovery on Nov. 29 and held a coordinated mass disclosure at the Black Hat Security Conference in…

Read More

Microsoft Improves Windows Security with a Path to Move Off NTLM

Microsoft Improves Windows Security with a Path to Move Off NTLM

NTLM is a simple and straightforward authentication method for connecting to applications on enterprise servers, but it’s also outdated and insecure. Despite that, NTLM is still widely used, partly because of inertia but also because the preferred replacement Kerberos doesn’t currently cope with some important scenarios. Now Microsoft plans to extend Kerberos in the versions of Windows and Windows Server that will ship in the next two years to help organizations move off NTLM. Here’s…

Read More

Get a Lifetime of Secure VPN Protection for Just $28.97 Until 10/31

Get a Lifetime of Secure VPN Protection for Just .97 Until 10/31

Keep your most sensitive data safe and access your favorite content no matter where you are with a lifetime VPN subscription offered at an exclusive price drop. Image: StackCommerce There are few things more important to your business than keeping your most confidential data safe – both yours and your client’s or customer’s. And now you can get affordable lifetime access to a powerful VPN. A lifetime subscription to BulletVPN offers a leading service with…

Read More