Category Archives: security update

VLC users urged to implement latest security update

VLC, the popular cross-platform media player, has reached version 3.0.8, which fixes over a dozen security vulnerabilities, some of which could be exploited by attackers to achieve code execution on victims’ machines.

About VLC

VLC is an extremely popular piece of software that started as an academic project. It’s free and open-source and is available for Windows, macOS, Linux, Android, Chrome OS, iOS, Apple TV, and Windows Phone. It is currently maintained by the VideoLAN …

The post VLC users urged to implement latest security update appeared first on Help Net Security.

August 2019 Patch Tuesday: Microsoft plugs critical wormable RDP holes

It’s that time of the month again: Microsoft, Adobe and Intel have pushed out fixes for a bucketload of security issues in their various software. Microsoft’s security updates should take precedence, though, as they fix 29 critical vulnerabilities, including four in Remote Desktop Services, two of which – Microsoft warns – are wormable, just like BlueKeep before them.

Microsoft patches

Microsoft has plugged 93 CVEs and has released two advisories – one recommends a new …

The post August 2019 Patch Tuesday: Microsoft plugs critical wormable RDP holes appeared first on Help Net Security.

Critical holes plugged in Cisco 220 Series smart switches

Cisco has fixed three vulnerabilities in its Cisco 220 Series smart switches and is urging owners to upgrade their firmware as soon as possible. Among these are two critical flaws that could allow unauthenticated, remote attackers to compromise vulnerable devices.

About the vulnerabilities

Cisco 220 Series smart switches are generally used by small and midsize businesses. All the flaws affect the switches’ web management interface, which is enabled by default. CVE-2019-1912 is an authentication bypass …

The post Critical holes plugged in Cisco 220 Series smart switches appeared first on Help Net Security.

SWAPGS Attack: A new Spectre haunts machines with Intel CPUs

Bitdefender researchers have uncovered yet another viable speculative execution side-channel attack that can be leveraged against Intel CPUs and the computers running on them. The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, …

The post SWAPGS Attack: A new Spectre haunts machines with Intel CPUs appeared first on Help Net Security.

If you’re struggling with Windows 10 migration, updates will be an even bigger challenge

With the end of Windows 7 support on the horizon, many companies remain significantly behind in completing their Windows 10 migration, new data from 1E shows. Of 600 senior IT decision makers surveyed, it was reported that 32% of endpoints were left unconverted, raising serious questions about the risks organizations are willing to take with cybersecurity. According to the report, “Windows 10 2020: Beyond the Migration”: 82% of organizations say security is a motivating factor …

The post If you’re struggling with Windows 10 migration, updates will be an even bigger challenge appeared first on Help Net Security.

Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet

A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via the Internet.

About Iomega and LenovoEMC

Iomega Corporation was acquired in 2008 by EMC. In 2013, Iomega became LenovoEMC – a joint venture between Lenovo and EMC Corporation – and Iomega’s products were rebranded under the new name. Iomega’s and LenovoEMC’s storage products were aimed at small and medium-sized businesses. …

The post Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet appeared first on Help Net Security.

CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel

Red Hat engineers and experts discovered a memory corruption vulnerability in the Linux kernel, which is basically a flaw in the implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE, and security advisories have been issued for all. This flaw could enable an…