Articles about vulnerability management

Nothing to see here, folks, literally... Citrix mysteriously pulls NetScaler downloads

Citrix has temporarily suspended its NetScaler downloads due to an unspecified, and possibly security-related, issue. In an advisory to customers on Monday, and updated on Wednesday, Citrix outlined the affected software builds and promised that downloads should be restored by Monday, September 25. One version of note, seen by …
John Leyden, 21 Sep 2017

For pity's sake, enterprises, upgrade your mobile OS - report

Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns. The analysis of more than one million actual iOS and Android mobile devices users in enterprises revealed that running updates is still hit …
John Leyden, 20 Jan 2016

Hey kids, who wants to pwn a million BIOSes?

The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns. Xeno Kovah and Corey Kallenberg argue that the poor state of low-level software security is among the easiest ways for hackers to deeply infiltrate organizations. A …
John Leyden, 12 Jun 2015

PATCH FREAK NOW: Cloud providers faulted for slow response

Hundreds of cloud providers are still vulnerable to the serious FREAK cryptographic vulnerability. Skyhigh Networks found that 766 cloud services are still at risk 24 hours after FREAK was made public, based on an analysis of more than 10,000 different services. The average company is using 122 potentially vulnerable services …
John Leyden, 5 Mar 2015

Start stockpiling tinned beans and ammo: This malware will end civilisation

Media hype is affecting vendors’ patching strategies to the detriment of internet security, vulnerability management firm Secunia warns. The high-profile Heartbleed OpenSSL vulnerability triggered the mass patching of 600 products by more than 100 vendors within just 40 days. A further OpenSSL vulnerability from June 2014 led …
John Leyden, 6 Feb 2015

Internet Explorer stars in monster October Patch Tuesday

October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list …
John Leyden, 10 Oct 2014

IE 0-day plugged up but TIFF terror continues in November Patch Tuesday

November's edition of Patch Tuesday brought relief from an IE zero-day exploit but a TIFF image-handling vulnerability under active attack from hackers remains unpatched. Microsoft released a total of five bulletins, three of which are marked up as critical and five of which are designated as important. The patch batch …
John Leyden, 13 Nov 2013

Feeling twitchy about nasty IE 0-day? Microsoft promises relief today

An unpatched flaw in Internet Explorer that became the topic of a high-profile warning over the weekend will be patched later on Tuesday, Microsoft promises. The CVE-2013-3918 vulnerability, affecting an Internet Explorer ActiveX Control, showed up in active attacks detected by net security firm FireEye, sparking a high- …
John Leyden, 12 Nov 2013

Yet ANOTHER IE 0-day hole found: Malware-flingers already using it for drive-by badness

Security researchers have discovered new zero-day vulnerabilities in Internet Explorer that are already being harnessed by hackers to run a new type of drive-by attack. FireEye, the security firm that discovered the attack method, said that the flaw is present in various versions of Internet Explorer 7, 8, 9 and 10, while …
John Leyden, 11 Nov 2013

Windows, Office zero-day vuln must wait for next Patch Tuesday, says MS

Microsoft is lining up eight bulletins for the November edition of Patch Tuesday (12 November), including three critical fixes, but there's no relief in sight for a zero-day vulnerability in how Office handles .TIFF graphics files. Hackers are exploiting a zero-day vulnerability in a graphics library that is used by Microsoft …
John Leyden, 8 Nov 2013

Oracle drops shedload of CRITICAL vuln-busting Java patches

Oracle's autumn batch of quarterly updates included no fewer than 127 security fixes, including 51 for Java alone. The arrival of the Critical Patch Update (CPU) from Oracle means pretty much all of the enterprise server packages from the software giant need patching. Oracle Database Server, Oracle E-Business Suite, Oracle …
John Leyden, 16 Oct 2013

Oracle releases July patch batch... with 27 fixes for remote exploits

Oracle has pushed out a quarterly patch batch of 89 updates that mean almost all of its enterprise software products need updating for one reason or another. Craig Young, a security researcher at Tripwire, noted that most of the vulnerabilities were picked up by third-party researchers. “The constant drumbeat of critical …
John Leyden, 17 Jul 2013

Windows kernel bug-squish, IE update star in July Patch Tuesday

Microsoft's Patch Tuesday for July landed overnight with a bumper crop of seven bulletins, six of which cover critical flaws that carry remote code execution risks. And the Windows 8 giant today revealed that one of these, CVE-2013-3163, is currently under active attack online. Every supported operating system, every version …
John Leyden, 10 Jul 2013

Tripwire buys nCircle

IT security firm Tripwire has agreed to acquire vulnerability management specialists nCircle. Terms of the deal, announced Monday, were undisclosed. Combining forces will allow the development of technologies that will enable senior security officers to make risk-based security decisions that align with business priorities and …
John Leyden, 11 Mar 2013

IRS may be able to count beans, but it can't count its own PCs

Auditors have criticised US taxmen for failing to keep on top of their IT and the installation of software security patches. A report [PDF] by the US Treasury credits the IRS with upping its game in patching insecure products faster than it has done previously - but faults the agency for failing to apply a more coherent approach …
John Leyden, 13 Nov 2012

Oracle squashes 109 bugs in quarterly patch batch

Oracle published the latest edition of its quarterly patch update on Tuesday, addressing 109 vulnerabilities in 10 products. The patch batch coincided with a release of a new version of Java, tackling 30 vulnerabilities. The Oracle Java SE critical patch for various supported versions of the software is important because Java …
John Leyden, 17 Oct 2012

Microsoft puts Patch Tuesday on a diet, fixes Office flaw

Microsoft is planning a light October edition of its regular Patch Tuesday updates next week that focuses on Office flaws and features just one critical patch. The critical bulletin features a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. Office for Mac is not …
John Leyden, 5 Oct 2012

Microsoft bundles BlueHat finalist tech into anti-exploit tool

Microsoft has beefed up one of its anti-exploit tools with technology from a $200K contest finalist. Technology from a BlueHat Prize finalist Ivan Fratric, designed to mitigate attacks that leverage Return Oriented Programming (ROP), has already been incorporated into Redmond's Enhanced Mitigation Experience Toolkit (EMET) 3.5 …
John Leyden, 27 Jul 2012


Biting the hand that feeds IT © 1998–2018