Patching News, Articles and Updates

Google may contractually require OEMs to perform regular patching

Google is looking into the possibility of requiring device manufacturers to regularly patch their devices, by incorporating such a provision into future OEM agreements.

Why the answer to IT security woes isn't just hiring more talent

Hiring more talent does not mean better security. No amount of additional talent or resource will improve your security posture if you don't fix your underlying broken patching processes. Automation is the answer.

Adobe releases more updates following Patch Tuesday fixes

After patching a confusion flaw in Flash last week, Adobe today issued security updates for Adobe Acrobat and Reader for Windows and MacOS.

Recommendations for cloud security: do the basics and plan for the worst

Don't keep secret or sensitive information in plain text; ensure regular patching; deploy 'least-privilege' to staff; use 2FA and secure password protocols; plan for what to do in the event of a breach and don't try to cover it up.

Why legacy IT is a security risk for utilities companies and their customers

Organisations worldwide are being encouraged to improve their security to avoid becoming victims of cyber-attacks, and one clear way to do this is to update their operating systems to the latest version and apply the latest security patches.

Candy bar security posture leaves enterprises soft on the inside

71 percent of hackers say they can breach the perimeter of a target within 10 hours and 100 percent within 15, according to the latest 'Black Report' from Nuix, surveying hacker method and motivation.

SAP NetWeaver CRM flaws could lead to information disclosure

Security researchers have warned that SAP CRM software has a couple of vulnerabilities that could be combined to compromise user data - the flaw is about as "bad as it gets".

Financial services need to get back to cyber-security basics

The issue with manual patching is that it is very time-consuming and vulnerabilities can be missed due to human error. Organisations can combat these issues by delegating the task to technology.

Meltdown and Spectre - vulnerabilities to watch (and fix)

Almost all iPhones and Macs are at risk from Spectre chip security flaw according to industry reports.

Major Intel CPU flaw OS-independent; fix could degrade performance

A reported chip flaw in Intel processors that has existed at least for the last 10 years allows software programs to access content in kernel memory and patching the bug.

Time to wake up to API security, the overlooked vulnerability

API vulnerabilities are the sleeping giant of our technology-led world. The threats posed by an exposed API are significant, yet they remain the most overlooked threat to information security today, says Jason Macy.

VMware fixes bugs in vCenter Server Appliance, three hypervisors

VMware on Tuesday patched a series of vulnerabilities in its ESXi, Workstation Pro, and Fusion hypervisors, as well as its vCenter Server Appliance.

Symantec endpoint zero-day unpatched for months

A vulnerability in Symantec endpoint clients remains unpatched months after disclosure, according to security researchers.

Apple issues emergency fix for High Sierra root access flaw

A day after a developer revealed a root access flaw in macOS High Sierra version 10.13.1, Apple released an emergency patch, which it plans to push out today.

Symantec patches certificate spoofing flaw in Install Norton product

Symantec patched a certificate spoofing vulnerability in its Install Norton Security product that occurs when downloading Norton for Mac.

Intel Management Engine vulnerabilities expose millions of PCs to attack

Intel researchers identified elevation of privilege exploits in various product families which could enable a system crash or system instability, among other issues.

The problem with your inherited legacy systems

Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years.

Windows, Mac and Linux all at risk from flaws in Excel file reader library

Security researchers have warned over multiple flaws in Libxls that could result in remote code execution using specially crafted XLS files.

Oracle issues emergency patch for JoltandBleed bug in Tuxedo middleware

Oracle Corporation issued a series of emergency patches on Tuesday last week, fixing five vulnerabilities in its Tuxedo middleware platform, including a critical one that has been compared to Heartbleed.

Cisco: Critical vulnerability in 12 types of Voice OS-based products

Cisco has patched a critical flaw in its Voice-OS which could allow an unauthenticated, remote hacker to gain elevated access to 12 types of its products.

Microsoft Patch Tuesday: 20 critical issues addressed

Microsoft's November Patch Tuesday rollout included patches for 53 flaws, 20 rated critical, spread across a variety of products, including Edge, Internet Explorer, Windows and Office.

ToastAmigo malware uses new twist to attack Toast overlay vulnerability

A new malware uses an updated methodology to abuse the previously patched Android Toast overlay vulnerability; once installed, it can download additional malware as well as use various permissions to access the phone.

Tor patches flaw that could expose MacOS and Linux IP addresses

The Tor Project released a patch fixing an issue that could reveal the correct IP address of MacOS and Linux users using the Tor browser.

Apple addresses KRACK exploits in iOS and macOS updates

Apple has finally addressed the KRACK vulnerabilities in its latest macOS High Sierra, Sierra, El Capitan, iOS 11.1, tvOS and watchOS.

Google bug tracker service flaw allowed access to new vulnerability reports

A private website Google used to track bugs in its own products was discovered to have its own set of flaws that could have exposed sensitive vulnerability reports - now fixed.

Apache OpenOffice patches four vulnerabilities in 4.1.4 update

Apache OpenOffice patched four medium vulnerabilities in the suite's word processing and graphics apps.

T-Mobile API bug may have leaked customer account data

A bug in T-Mobile's wsg.t-mobile.com API may have allowed attackers to access customer data that can be used to carry out phishing attacks or worse.

LG patches app bug that can turn IoT vacuums into robotic spies

LG patches holes in its IoT device range following cooperation with Check Point, including patching vacuum cleaners which could have become digital spies in the home.

WannaCry - North Korea blamed by UK; NHS didn't follow recommendations

National Audit Office (NAO) report says NHS trusts were left vulnerable to the unsophisticated WannaCry attack because NHS chiefs ignored cyber-security recommendations. UK Government holds North Korea responsible.

Quarter of financial service employee mobile devices unpatched

A quarter of financial service employee mobile devices have unpatched vulnerabilities, according to a recent Symantec report.