What patches to prioritize following the April 2018 Patch Tuesday?

This April 2018 Patch Tuesday Adobe addressed vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. Of these updates, the most important one is that for Adobe Flash Player. Not only is the product the most widely used of those mentioned above, but it also patches three critical […]

‘SirenJack’ Vulnerability Lets Hackers Hijack Emergency Warning System

The sound of an emergency alert siren can be a nightmare soundtrack to the millions who live in areas subject to hurricanes, tornados, earthquakes, or other natural disasters. A recently disclosed vulnerability in the emergency warning system used by San Francisco and other municipalities could allow a threat actor to take control of the system, […]

RTF Design, Office Flaw Exploited in Multi-Stage Document Attack

A newly discovered multi-stage document attack exploits design behaviors in .docx and RTF, along with CVE-2017-8570, to drop a malicious payload called Formbook on target endpoints. Attackers bypass traditional security tools with embedded URLs instead of active code. Researchers at Menlo Security Labs who isolated the second-stage document say the behaviors enabling this attack are […]

Cisco security: Russia, Iran switches hit by attackers who leave US flag on screens

Hackers on Friday attacked vulnerable Cisco switches at data centers in Russia and Iran, leaving an image of the US flag and the message: “Don’t mess with our elections”. Cisco last month released a patch for a critical vulnerability affecting Smart Install software. However, the Friday attacks exploited a Smart Install “protocol misuse” issue that […]

SECURITY Intel: Our Remote Keyboard app has a critical bug; delete it now!

A critical flaw in the Intel Remote Keyboard app for iOS and Android has led to the decision by Intel to discontinue the app, and the company advises all users to uninstall it as soon as possible. Used in conjunction with Intel Next Unit of Computing (NUC) mini PCs and flashdrive-sized Intel Compute Stick, the Intel Remote Keyboard allowed users to […]

Unpatched Vulnerabilities the Source of Most Data Breaches

Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability for which they had not yet patched. Half of organizations in a new Ponemon Institute study conducted on behalf of ServiceNow say they were hit with one or more data breaches in the past […]

Critical remote code execution vulnerabilities impact Natus medical devices

A set of critical vulnerabilities have been uncovered in Natus NeuroWorks software which may place medical devices connecting to the software at risk. Earlier this week, researchers from Cisco Talos said in a blog post that the vulnerabilities could not only cause services to crash but may also allow attackers to remotely execute code on medical devices. […]

Windows 10 security: Microsoft patches critical flaw in Windows Defender

Microsoft has rolled-out security updates to fix a critical remote code execution flaw affecting Windows Defender and other anti-malware products. The critical flaw affects Microsoft Malware Protection Engine, or mpengine.dll, the core of Windows Defender in Windows 10. “An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the […]

New Attack Vector Shows Dangers of S3 Sleep Mode

Two researchers at Black Hat Asia last month gave computers a reason to sleep with one eye open in their demo of “S3 Sleep,” a new attack vector used to subvert the Intel Trusted eXecution Environment (TXT). A flaw in Intel TXT lets hackers compromise a machine as it wakes up. Intel TXT is the […]

How to close the security update gap

Security patching is hard and patch fatigue is real. So what can be done to make the process more simple, less disruptive, and more likely to be performed in a timely manner? According to the results of a recent survey by ACROS Security, those responsable for it are asking for – among other things – […]