Critical News, Articles and Updates

21% of serverless applications feature critical vulnerabilities

An audit of 1,000 open-source serverless applications carried out by serverless security company PureSec has revealed that 21 percent of such applications feature critical security vulnerabilities that can be exploited.

Intel urges users to delete remote keyboard app, halts Spectre fixes

Intel is instructing users of its remote keyboard to delete the app after a critical flaw was found and also the firm is halting Spectre fixes on older chips.

Drupal advises be on lookout for highly critical release

Drupal is calling its users to be on standby for the announcement of a highly critical release on 28 March that will address issues in Drupal 7 and 8.

Patch Tuesday: Microsoft patches Remote Desktop Protocol exploit

This month's Microsoft patch Tuesday included more than 70 patches 15 of which were marked as critical and one that could exploit authentication in Microsoft Remote Desktop Protocol.

Patch Tuesday: Adobe patches 7 critical flaws

Patch Tuesday Adobe included updates for Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver with seven critical vulnerabilities.

SEC issues cyber-security guidance disclosure

"Principles-based" guidance issued by the Securities and Exchange Commission (SEC) Wednesday clarifies how the commission views the disclosure responsibility of public companies that have fallen victim to a cyber-attack.

Adobe Patch Tuesday patches issues in Acrobat, Reader & Experience manager

Adobe's Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Macintosh to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Attackers exploit critical Adobe Flash Player zero-day bug; no patch yet

Adobe Systems says it plans to address a critical zero-day vulnerability in Flash Player that a researcher asserts is being actively exploited in the wild to attack South Koreans conducting research on North Korea.

Cisco warns of a critical vulnerability in its SSL VPN solution

Hackers could run code on VPN box. Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), one of the most widely-deployed SSL VPNs on the market.

Malicious websites steal from vulnerable Electrum cryptocurrency wallets

The popular Bitcoin client Electrum has developed a patch for a critical vulnerability that allows malicious websites to steal from digital wallets that are not password-protected.

VMware repairs three critical bugs in vSphere Data Protection

VMware issued patches on Wednesday for a trio of critical vulnerabilities in its vSphere Data Protection backup and recovery solution. The problem was found in versions 6.1.x, 6.0.x, and 5.x, and repaired in versions 6.1.6 and 6.0.7.

Mozilla patches one critical, two high flaws in Thunderbird

Mozilla issued a series of security updates for Thunderbird 52.5.2 that included a critically rated buffer overflow issue that could lead to a crash if exploited.

US FCC to repeal net neutrality, could increase cyber-security threats

The commission decided today to repeal the regulations put in place under the Obama administration, prompting criticism that the move would not only choke freedom but would compromise security and privacy.

Google patches 37 security issues in Chrome

Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84.

Cisco patches critical vulnerability in Nexus devices

Cisco Wednesday warned users of a critical vulnerability in Nexus 3000 and 3500 series switches.