Articles about patching

Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama

WPA2 Wi-Fi users – ie, almost all of us – have had a troubling Monday with the arrival of research demonstrating a critical design flaw in the technology used to secure our wireless networks. A flaw so bad, it can be exploited by nearby miscreants to potentially snoop on people's internet connections over the air. However, don …
Iain Thomson, 17 Oct 2017

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'

A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege …
John Leyden, 28 Sep 2017

Finance sector is littered with vulns, and guess what – most can be resolved by patching

Security vulnerabilities across the finance sector have increased more than fivefold (418 per cent) in the last four years, according to a study by NCC Group. The most common high and medium-risk vulnerabilities were found in customer-facing web apps. NCC categorised vulnerabilities found in 168 financial services …
John Leyden, 22 Sep 2017

Nothing to see here, folks, literally... Citrix mysteriously pulls NetScaler downloads

Citrix has temporarily suspended its NetScaler downloads due to an unspecified, and possibly security-related, issue. In an advisory to customers on Monday, and updated on Wednesday, Citrix outlined the affected software builds and promised that downloads should be restored by Monday, September 25. One version of note, seen by …
John Leyden, 21 Sep 2017

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Thousands of companies may be susceptible to the same type of hack that recently struck Equifax. The Equifax breach was the result of a vulnerable Apache Struts component. Software automation vendor Sonatype warns that 3,054 organisations downloaded the same Struts2 component exploited in the Equifax hack in the last 12 months …
John Leyden, 20 Sep 2017

Missed patch caused Equifax data breach

Equifax has revealed that the cause of its massive data breach was a flaw it should have patched weeks before it was attacked. The company has updated its www.equifaxsecurity2017.com/ site with a new “A Progress Update for Consumers” that opens as follows: Equifax has been intensely investigating the scope of the intrusion …
Simon Sharwood, 14 Sep 2017

Pathetic patching leaves over 70,000 Memcached servers still up for grabs

If you're running the caching service Memcached, and particularly if you're exposing it to the public internet for some reason, please make sure you've patched it. Tens of thousands of vulnerable systems haven't. Back in October, researchers at Cisco’s Talos security team found three major security vulnerabilities that would …
Iain Thomson, 24 Jul 2017

No big deal. You can defeat Kaspersky's ATM antivirus with a really fat executable

Flaws have been found and fixed in Kaspersky Lab's security software for cash machines and other embedded systems. Hackers can exploit the bugs to circumvent anti-malware defenses in ATMs. Although Kaspersky responded promptly to the discovery and developed and released a patch, one wonders how long it will take for the …
John Leyden, 13 Jul 2017

Most of 2016's holes had fixes the day we knew about 'em. Did we patch? Did we @£$%

Patching rates went down in 2016 despite an increase in availability of security patches, according to a new study out today. Last year Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors. Even though a big majority (81 per cent) of all vulnerabilities had patches …
John Leyden, 13 Mar 2017

WikiLeaks promises to supply CIA's hacking tool code to vendors

WikiLeaks has promised to release software code of CIA hacking tools to tech firms. The promise from chief Wikileaker Julian Assange – now ensconced in Ecuador's London embassy for four and a half years – came on Thursday during an internet-streamed press conference on Vault 7, its recent CIA cyber-weapons documents dump. "We …
John Leyden, 10 Mar 2017

WordPress fixed god-mode zero day without disclosing the problem

Last week's WordPress patch run fixed a then-secret zero day bug that let remote unauthorised hackers edit or delete WordPress pages. The remote privilege escalation and content injection hole hits WordPress versions 4.7 and 4.7.1 and allows all pages on unpatched sites to be modified, redirecting visitors to exploits and a …
Darren Pauli, 2 Feb 2017

WordPress slips out three quick patches

WordPress has fixed three flaws in its content management system, shuttering cross-site scripting and SQL injection bugs three weeks after its last update. The world's most popular content management system, used by some 74.7 million web sites, was open to a SQL injection flaw in WP_Query class that handles database and post …
Team Register, 29 Jan 2017

Boffins break Samsung Galaxies with one SMS carrying WAP crap

A single TXT message is enough to cause Samsung S5 and S4 handsets to return to factory settings, likely wiping users' data along the way. And because the attack exploits Android's innards, other vendors' handsets are at risk. The vulnerabilities, thankfully patched by Samsung, mean attackers can send WAP configuration …
Darren Pauli, 25 Jan 2017

Microsoft fixes remote desktop app Mac hole

Microsoft has patched a code execution hole in its Mac remote desktop client that grants read and write access to home directories if users do no more than click a link, says Italian security researcher Filippo Cavallarin. The hole was patched 17 January. Cavallarin says the flaw allowed remote attackers to execute arbitrary code on …
Darren Pauli, 24 Jan 2017

Flaws fixed in SAP's police and military software

Three of the 31 patches pushed out by SAP on Tuesday tackle flaws in the ERP giant’s technology for Defense Forces & Public Security. In particular, SAP's Defense Forces & Public Security and SAP Mobile Defense & Security components are susceptible to a missing authorisation check vulnerability. “This issue potentially allows …
John Leyden, 14 Dec 2016

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Microsoft is working on a patch for a bug or feature in Windows 10 that allowed access to the command line and, using a live Linux .ISO, made it possible to steal BitLocker keys during OS updates. The command line interface bypasses BitLocker and permits access to local drives simply by tapping the Shift and F10 keys. BitLocker …
Darren Pauli, 1 Dec 2016

Microsoft update servers left all Azure RHEL instances hackable

Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances. Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package …
Darren Pauli, 28 Nov 2016

Telegram API ransomware wrecked three weeks after launch

Ransomware scum abusing the protocol of the popular Telegram encrypted chat app have been wrecked and their malware ransom system decrypted. TeleCrypt throws a message to Russian-speaking victims thanking them for helping the "Young Programmers Fund" via the US$78 (5000 ruble) ransom payments, a comparatively small charge …
Darren Pauli, 23 Nov 2016

Biting the hand that feeds IT © 1998–2017