Patching

Website owners warned over Joomla flaws

Joomla flaws - unpatched websites may already be infected

All AppSec vulnerabilities are equal - so why do some seem more equal than others?

Which vulnerability do you fix first, the one that's quickest to fix or the one that can cause the most damage? Targeting the most prevalent vulnerabilities may not always be the best option.

OpenSSL patch introduced flaw, critical fix advised

Critical bug in patch means OpenSSL security fix needs fixing.

White hats save greybeards from black hat attack

As yet another well-known consumer brand falls victim to 'old version syndrome' and serves up malware to its customers, we ask: why aren't lessons being learned?

Apple patches remote code execution flaws

Apple patches critical vulnerabilities in iOS and OS X that could allow remote code execution.

CVE-ZOMBIE: the Word vulnerability that refuses to die

CVE-2012-0158 allocated in 2011, patched in 2012, still being actively exploited in 2016: the question is why?

Why does old malware refuse to die? ...and is the IT security industry doing enough to kill it?

Old malware is the zombie apocalypse of the cyber-security world. So why is that and why can't we fix it?

ICYMI: Buffalo stampede; Airport attack?; Ransomware plus; Patching halted; Short URLs

The latest In Case You Missed It (ICYMI) looks at: malware targeting malware; was airport attacked?; ransomware, malvertising and phishing; QuickTime unfixed; short URLs a risk.

Endpoints rank among top security concerns for IT pros

Endpoint security continues to be one of the weakest areas for organisations around the world and a key factor behind a large number of data breaches.

Warnings over Node.js flaw that could lead to DoS attacks

Node.js admits to two critical security flaws but delays patching

How to solve a problem like security update apathy?

When a high percentage of users have unpatched systems and unpatched programs, as found in a recent Secunia report, can you protect them from themselves?

Exploring Android insecurities

Nearly 88 percent of Android devices have been exposed to at least one critical vulnerability, according to research from the University of Cambridge.

Threat of the month: Zero-day

ICYMI: Big data leaking; Salesforce vulnerability; suppressed car hack; sound authentication and critical IE fix

In this week's In Case You Missed It (ICYMI): Big data leaking; Salesforce vulnerability patched; suppressed car hack; ambient sound authentication and critical IE fix.

How to get IT to eat its vegetables

Patching can be a significant pain for organisations. Similar to eating our vegetables, it's something we know we should do but is still hard to swallow for various reasons, says Rob Juncker.

Apple CORED but ignored

The Apple CORED/XARA vulnerability remains unpatched but appears unexploited in the wild.

Ignore cyber fears and get the basics right, say infosec experts

For all the talk of cyber-warfare and black-hat hackers, most information security experts still get the basics wrong, said speakers at today's 44CON conference in London.

Wi-Fi car updates pose security risk

Ford's announcement of software updates to its cars via WiFi highlights security concerns about Smart Car software.

Response to Freak flaw slammed

The response of Microsoft and cloud companies to the Freak vulnerability has been far too slow, say commentators.

CISOs: Out of step with their own security teams?

CISOs are increasingly taking on greater management responsibilities - but are they as a result being divorced from their firm's true security maturity and the tools needed to avoid being breached?

'Bizarre' Google stops WebView patching on older Androids

Google today ended support for patching the WebView tool that is used on Android 4.3 Jelly Bean and earlier versions of the operating system.

Microsoft report warns on outdated security software

Microsoft says outdated software can be almost as insecure as having no protection at all.

Heartbleed (remediation) has improved open source cybersecurity

The future of computing infrastructure, mobile applications, and personal data protection has been altered by Heartbleed, says Joram Borenstein.

Microsoft still hasn't fixed US$100,000 bounty bug

Some eight months after discovery and paying a bug bounty of US$100,000, Microsoft Windows remains vulnerable to the weakness found by James Forshaw.

Microsoft to fix eight bugs, two critical, on Patch Tuesday

Microsoft's upcoming Patch Tuesday will address remote code execution vulnerabilities, elevation of privileges, a security feature bypass and a denial-of-service issue across various platforms.

Breaking the refresh cycle

The cycle of updating software at the end of life has itself reached its end of life, with managed services the way ahead, says Kevin Linsell.

Tens of thousands of servers *still* vulnerable to Heartbleed

Half of all servers affected by the global Heartbleed flaw remain unpatched - and it could be months before vulnerable systems are fixed, if ever.
