Articles about patches

NUUO, do not want! CCTV webcams can be hacked to spy on you

Researchers have uncovered two flaws that leave more than 100,000 NUUO-powered internet-connected surveillance cameras open to remote takeover. Tenable Research on Monday laid claim to discovering two bugs in NUUO's Network Video Recorder firmware that can be exploited to covertly access a camera's video feed or simply take …
Shaun Nichols, 17 Sep 2018

Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers

An infosec bod has documented a remote-code execution flaw in Alpine Linux, a distro that pops up a lot in Docker containers. Max Justicz, researcher and creator of crowd-sourced bug bounty system Bountygraph, said on Thursday that the vulnerability could be exploited by someone with man-in-the-middle (MITM) network access, or …
Shaun Nichols, 15 Sep 2018

Cisco loses focus over TelePresence blurry videoconferencing bug

Have you noticed that your big expensive Cisco TelePresence unit seems like it needs a pair of glasses? You're not alone. Switchzilla is advising companies using two of the older models of its video conferencing system to install a software update to address a defect in the camera that leaves users with a blurry picture. cisco …
Shaun Nichols, 12 Sep 2018

When is a patch not a patch? When it's for this McAfee password bug

A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of …
Shaun Nichols, 11 Sep 2018

Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

A security researcher has disclosed a bug that could be abused to spoof website addresses in either Edge or Safari. Rafay Baloch told The Register that while Microsoft has since patched the flaw (CVE-2018-8383) in its browser, Apple has been dragging its feet on a fix for Safari for weeks, and the browser remains vulnerable …
Shaun Nichols, 11 Sep 2018

Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers

Facebook has patched a remote-code execution flaw discovered in one of its servers. Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies. Though …
Shaun Nichols, 24 Aug 2018

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines. The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it. " …
Shaun Nichols, 24 Aug 2018

Oracle: Run, don't walk, to patch this critical Database takeover bug

Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability. The flaw, dubbed CVE-2018-3110, was given a CVSS base score of 9.9 (out of 10) and Oracle warns that successful exploit of the bug "can result in complete compromise of the …
Shaun Nichols, 14 Aug 2018

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system. A team of researchers at Project Insecurity discovered and reported the flaws, which were patched last month by the OpenEMR developers in version 5.0.1.4. With the fixes now having been out for …
Shaun Nichols, 7 Aug 2018

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

IBM has patched a critical vulnerability in its Cloud Functions platform that would have allowed miscreants to remotely overwrite customers' code – and execute malicious commands to hijack services. The flaws, designated CVE-2018-11756 and CVE-2018-11757, are actually present in Apache OpenWhisk, a component Big Blue uses to …
Shaun Nichols, 24 Jul 2018

If at first you, er, make things worse, you're probably Microsoft: Bug patch needed patching

A remote code execution vulnerability in the Windows VBScript engine was left open for exploitation for two months after it was supposedly patched. In fact, the fix made things even worse by introducing another remotely exploitable bug in VBScript. This is all according to researchers at Qihoo 360, who today claimed a …
Shaun Nichols, 23 Jul 2018

Rowhammer returns, Spectre fix unfixed, Wireguard makes a new friend, and much more

Roundup: This week we dealt with buggered bookies, trouble at Ticketmaster, and a compromised Linux build from Gentoo. Here's what else went down during the week. Trustwave sued – Some breaking news as we were typing away: two insurance companies, Lexington Insurance Co and Beazley Insurance Co in the US, are suing infosec biz Trustwave …
Shaun Nichols, 30 Jun 2018

Sophos SafeGuard anything but – thanks to 7 serious security bugs

Companies running Sophos security clients will want to update their software following the disclosure of seven privilege escalation flaws in the security suite. Sophos says its SafeGuard Enterprise Client, LAN Crypt client and Easy software on Windows are all vulnerable to the bugs, which can be exploited by an attacker to run …
Shaun Nichols, 26 Jun 2018

Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit

Adobe has kicked out an out-of-band update for a security vulnerability in Flash – after learning the bug was being actively exploited in the wild by hackers to hijack PCs. The Photoshop giant said today its Flash Player 30.0.0.113 update should be a top installation priority for Mac, Windows, and Linux systems. One of the …
Shaun Nichols, 7 Jun 2018

Loose .zips sink chips: How poisoned archives can hack your computer

Video: Booby-trapped archive files can exploit vulnerabilities in a swath of software to overwrite documents and data elsewhere on a computer's file system – and potentially execute malicious code. Specifically, the flaws, dubbed "Zip Slip" by their discoverers at security outfit Snyk, are path traversals that can potentially be …
Shaun Nichols, 5 Jun 2018

It's August 2017 and your Android gear can be pwned by, oh look, just patch the things

Android users should be expecting a security update to land for the mobile operating system in short order, as Google has issued fixes for 99 CVE-listed programming cockups. This month's update has been released for the Pixel and Nexus lines and kicked out to other manufacturers and carriers, which will post their own updates …
Shaun Nichols, 9 Aug 2017

Adobe will kill Flash by 2020: No more updates, support, tears, pain...

Adobe has officially set a kill date for its beleaguered Flash. The Photoshop giant said today it plans to end support for the hacker-prone multimedia browser plugin by the end of 2020. This means no more updates for Flash Player after that date and the end of support on many browsers, including Chrome, Internet Explorer and …
Shaun Nichols, 25 Jul 2017

Why can't you install Windows 10 Creators Update on your old Atom netbook? Because Intel stopped loving you

Microsoft has blamed Intel for the sad trail of low-end PCs left out of the Windows 10 Creators Update rollouts. The Redmond giant says its latest flavor of Windows can't support machines powered by Intel's Atom Cloverview processor family because Chipzilla has stopped supporting those chips. Without Intel providing firmware …
Shaun Nichols, 20 Jul 2017


Biting the hand that feeds IT © 1998–2018