Articles about patching

No big deal. You can defeat Kaspersky's ATM antivirus with a really fat executable

Flaws have been found and fixed in Kaspersky Lab's security software for cash machines and other embedded systems. Hackers can exploit the bugs to circumvent anti-malware defenses in ATMs. Although Kaspersky responded promptly to the discovery and developed and released a patch, one wonders how long it will take for the …
John Leyden, 13 Jul 2017

Most of 2016's holes had fixes the day we knew about 'em. Did we patch? Did we @£$%

Patching rates went down in 2016 despite an increase in availability of security patches, according to a new study out today. Last year Secunia Research at Flexera Software recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors. Even though a big majority (81 per cent) of all vulnerabilities had patches …
John Leyden, 13 Mar 2017

WikiLeaks promises to supply CIA's hacking tool code to vendors

WikiLeaks has promised to release software code of CIA hacking tools to tech firms. The promise from chief Wikileaker Julian Assange – now ensconced in Ecuador's London embassy for four and a half years – came on Thursday during an internet-streamed press conference on Vault 7, its recent CIA cyber-weapons documents dump. "We …
John Leyden, 10 Mar 2017

WordPress fixed god-mode zero day without disclosing the problem

Last week's WordPress patch run fixed a then-secret zero day bug that let remote unauthorised hackers edit or delete WordPress pages. The remote privilege escalation and content injection hole hits Wordpress versions 4.7 and 4.7.1 and allows all pages on unpatched sites to be modified, redirecting visitors to exploits and a …
Darren Pauli, 2 Feb 2017

WordPress slips out three quick patches

WordPress has fixed three flaws in its content management system, shuttering cross-site scripting and SQL injection bugs three weeks after its last update. The world's most popular content management system, used by some 74.7 million web sites, was open to a SQL injection flaw in WP_Query class that handles database and post …
Team Register, 29 Jan 2017

Boffins break Samsung Galaxies with one SMS carrying WAP crap

A single TXT message is enough to cause Samsung S5 and S4 handsets to return to factory settings, likely wiping users' data along the way. And because the attack exploits Android's innards, other vendors' handsets are at risk. The vulnerabilities, thankfully patched by Samsung, mean attackers can send WAP configuration …
Darren Pauli, 25 Jan 2017

Microsoft fixes remote desktop app Mac hole

Microsoft has patched a code execution hole in its Mac remote desktop client that grants read and write to home directories if users do no more than click a link, says Italian security researcher Filippo Cavallarin. The hole was patched 17 January. Cavallarin says the flaw allowed remote attackers to execute arbitrary code on …
Darren Pauli, 24 Jan 2017

Flaws fixed in SAP's police and military software

Three of the 31 patches pushed out by SAP on Tuesday tackle flaws in the ERP giant’s technology for Defense Forces & Public Security. In particular, SAP's Defense Forces & Public Security and SAP Mobile Defense & Security components are susceptible to a missing authorisation check vulnerability. “This issue potentially allows …
John Leyden, 14 Dec 2016

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Microsoft is working on a patch for a bug or feature in Windows 10 that allowed access to the command line and, using a live Linux .ISO, made it possible to steal BitLocker keys during OS updates. The command line interface bypasses BitLocker and permits access to local drives simply by tapping the Shift and F10 keys. BitLocker …
Darren Pauli, 1 Dec 2016

Microsoft update servers left all Azure RHEL instances hackable

Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances. Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package …
Darren Pauli, 28 Nov 2016

Telegram API ransomware wrecked three weeks after launch

Ransomware scum abusing the protocol of the popular Telegram encrypted chat app have been wrecked and their malware ransom system decrypted. TeleCrypt throws a message to Russian-speaking victims thanking them for helping the "Young Programmers Fund" via the US$78 (5000 ruble) ransom payments, a comparatively small charge …
Darren Pauli, 23 Nov 2016

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

Up to a quarter of all websites on the internet could have been attacked through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code execution flaw was found in a php webhook within api.wordpress.org that allows developers to supply a hashing algorithm of …
Darren Pauli, 23 Nov 2016

Cisco's job applications site leaked personal data

Cisco has fixed a vulnerability in its Professional Careers portal that may have exposed truckloads of personal information. The networking giant has sent an email to affected users in which it says a "limited set of job application related information" was leaked from the mobile version of the website, blaming an "incorrect …
Darren Pauli, 6 Nov 2016

Universal hijack hole turns DIY Wix blogs into botnets

Millions of do-it-yourself websites built with the Wix web maker were at risk of hijack thanks to a brief zero day DOM-based cross-site scripting vulnerability. Wix boasts some 87 million users, among them two million paying subscribers. Contrast Security researcher Matt Austin (@mattaustin) dug up the flaw he rates as severe …
Darren Pauli, 3 Nov 2016

Vuln hunter finds nasty shared server god mode database hack holes

Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers. The database servers are among the world's most popular and count all major tech giants as customers including Google and …
Darren Pauli, 3 Nov 2016

Multiple RCE flaws found in Memcached web speed tool

A remote code execution vulnerability in popular website backend performance tool Memcached has been found and squashed. Cisco penetration tester Aleksandar Nikolich reported three remote code execution holes in the tool used by big name sites including Facebook, Twitter, YouTube, and Reddit to help decrease database burdens …
Darren Pauli, 2 Nov 2016

PayPal patches bone-headed two factor authentication bypass

Update Paypal has patched a boneheaded two factor authentication breach that allowed attackers to switch off the critical account control in minutes by changing a zero to a one. British MWR InfoSecurity consultant Henry Hoggart (@_mobisek) discovered and quietly reported the flaw to the payment giant. Attackers with username and …
Darren Pauli, 27 Oct 2016

Joomla! squashes critical privileged account creation holes

Joomla! has revealed it's patched twin critical flaws allowing attackers to bypass rules and create elevated privilege accounts. Project staff warned of the looming patch this week asking administrators to prepare for the patch and apply it immediately. The Joomla! security strike team said at the time only that a hole …
Darren Pauli, 27 Oct 2016


Biting the hand that feeds IT © 1998–2017