Patch Tuesday, December 2019 Edition

Krebs on Security

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. What’s curious about this advisory is that it applies only to Windows XP Service Pack 3, which is no longer receiving security updates.

Patch Tuesday, August 2019 Edition

Krebs on Security

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Security vendor Qualys says two of these weaknesses can be exploited remotely without any authentication or user interaction.

Patch Tuesday Lowdown, April 2019 Edition

Krebs on Security

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player. According to security firm Rapid7, two of the vulnerabilities — CVE-2019-0803 and CVE-2019-0859 — are already being exploited in the wild.

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and SharePoint. A security alert from Google last week said attackers were chaining the Windows and Chrome vulnerabilities to drop malicious code onto vulnerable systems.

Patch Tuesday, September 2019 Edition

Krebs on Security

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. According to security vendor Qualys, these Remote Desktop flaws were discovered in a code review by Microsoft, and in order to exploit them an attacker would have to trick a user into connecting to a malicious or hacked RDP server.

Patch Tuesday, February 2019 Edition

Krebs on Security

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. Security experts are fond of saying “patch now!” when it comes to Windows bugs, but in general it can’t hurt for regular users to wait a day or two after Microsoft releases monthly security updates before installing the fixes.

Patch Tuesday, January 2019 Edition

Krebs on Security

Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. According to security vendor Tenable, this is the most severe bug of the entire patch batch.

Microsoft Patch Tuesday, June 2019 Edition

Krebs on Security

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. And of course Adobe has its customary monthly security update for Flash Player. Microsoft also pushed an update to plug a single critical security hole in Adobe’s Flash Player software, which is waning in use but is still a target for malware purveyors.

2019 IoT Security Outlook

Data Breach Today

DigiCert just conducted a global study of how organizations across sectors are approaching IoT security. What are some of the best practices of the organizations that emphasize securing connected devices? Mike Nelson of DigiCert shares the findings

Capital One Warns of More Data Leaked in 2019 Breach

Data Breach Today

Additional Social Security Numbers May Have Been Exposed. Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach.

The Best of RSA Conference 2019

Data Breach Today

A Guide to Video Interviews With Thought Leaders at This Year's Event. At RSA Conference 2019 in San Francisco, Information Security Media Group's editorial team conducted more than 100 video interviews with industry thought leaders. Here are the highlights.

Federal Agencies Reported Fewer Security Incidents in 2019

Data Breach Today

Federal agencies reported 8% fewer cybersecurity incidents in 2019 compared to the previous year, according to the White House's Office of Management and Budget. But 71 audits of agencies' "high-value assets" showed many remain susceptible to attacks because of a lack of security measures.

Top Mobile Security Stories of 2019

Threatpost

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost's Top 10 mobile security stories of 2019.

Nine 2019 Cybersecurity Predictions

Security Affairs

Wondering about the state of global cybersecurity in 2019? Department of Homeland Security, merely the rumor of secretly placed foreign microchips in Super Micro motherboards was enough to send technology companies into a tailspin. They ramped up efforts to seal potential holes in their security practices and ensure counterfeit or sabotaged parts don’t end up opening a backdoor into their companies’ products. This bodes ill for 2019.

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

The Last Watchdog

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. Related: The shared burden of securing the Internet of Things. Security, meanwhile, has morphed into a glut of point solutions that mostly serve to highlight the myriad gaps in an ever-expanding attack surface. One new approach that is showing a lot of promise cropped up in late 2019.

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Data Breach Today

Facebook's Cryptocurrency Folly, Scaling Security and Why Doomsday Is Temporary. From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

SAP September 2019 Security Patch Day addresses four Security Notes rated as Hot News

Security Affairs

SAP released the September 2019 Security Patch that addressed four Security Notes rated as Hot News by the company, but only one of them is new. SAP released 16 new or updated Security Notes; the overall number of Security Notes published this month is lower than in August. ” reads the security advisory.

2019 Security Spending Outlook

Dark Reading

Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent

10 Highlights: Infosecurity Europe 2019 Keynotes

Data Breach Today

Maersk on NotPetya Cleanup, Troy Hunt on Kid-Perpetrated Data Breaches, and More. Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London.

OpenText Enfuse 2019

OpenText Information Management

“It’s your edge. Own it.” That was the big message from OpenText™ CEO and CTO Mark J. Barrenechea in the opening keynote at OpenText™ Enfuse 2019 in Las Vegas.

Art Coviello on the 2019 State of Security

Data Breach Today

Ex-RSA Chair Weighs In on Threats, Technologies and Opportunities. Retired RSA Chairman Art Coviello is optimistic about the rise of privacy and the progression in how enterprises secure their critical, expanded networks. But he also has significant concerns.

Facebook Security Debacles: 2019 Year in Review

Threatpost

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.

RSA Conference 2019: A Preview

Data Breach Today

Britta Glade, content director for the world's largest data security event, says DevSecOps - as well as third-party risk and cloud-related issues - are emerging as key themes. What are some of the hottest issues that will be discussed at this year's RSA Conference, to be held March 4-8 in San Francisco?

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in SAP products, including Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, and Enterprise Financial Services. ” reads the security advisory for the CVE-2019-0301.

SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver

Security Affairs

SAP released the April 2019 Security Patch Day that includes 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver. Update to security note release on January 2019 Patch Day: [CVE-2018-2484] Missing Authorization check in SAP Enterprise Financial Services.

VMware addressed vulnerabilities disclosed at Pwn2Own 2019

Security Affairs

VMware released security updates to address vulnerabilities in its vCloud Director, ESXi, Workstation and Fusion products. The company also fixed the security flaws disclosed at the Pwn2Own 2019 hacking competition. VMware released updates to address vulnerabilities in vCloud Director, ESXi, Workstation and Fusion products, including ones disclosed at the Pwn2Own 2019. VMware released security updates for macOS version of ESXi, Workstation, and Fusion.

11 Hot Sessions: Infosecurity Europe 2019

Data Breach Today

Cybersecurity Conference Addresses AppSec, Incident Response, Top Threats and More. Infosecurity Europe returns to London June 4-6, featuring more than 230 sessions over three days covering a range of topics, including application security, automation, data protection, risk management, incident response and threat analysis.

The 2019 State of Cloud Security

Dark Reading

Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace

Black Hat 2019: 5G Security Flaw Allows MiTM, Targeted Attacks

Threatpost

Academic researchers carry out attacks on high-end commercial devices as well as narrowband IoT sensors.

Microsoft April 2019 Patch Tuesday fixes Windows 0days under attack

Security Affairs

Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws. Microsoft has released the April 2019 Patch Tuesday updates that address 74 vulnerabilities, including two Windows zero-days under active attack. April 2019 Patch Tuesday security updates resolve over a dozen critical remote code execution and privilege escalation vulnerabilities affecting Windows and Microsoft browsers.

Maximize Cybersecurity Risk Ratings in 2019

Data Breach Today

If you are a security or risk leader, you know that even with a formal third-party risk program in place, you are not effectively keeping track of all of your third parties. Insights from the Forrester New Wave: Cybersecurity Risk Rating Solutions, Q4 2018.

Pwn2Own 2019 Day 3: Experts hacked Tesla 3 browser

Security Affairs

Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser. Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking; two teams participated in the competitions but only one of them reached the goal. The security experts Amat Cama and Richard Zhu of team Fluoroacetate earned $35,000 for their exploit, along with the Tesla they hacked.

Gartner's Top IT Security Projects for 2019

eSecurity Planet

Which IT security projects deliver the most value and protection from risk? Gartner analysts offer their views

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

The Tianfu Cup 2019 International Cyber Security Competition has started; in two days white hat hackers will attempt to exploit flaws in major software. The Tianfu Cup 2019 International Cyber Security Competition has started; white hat hackers will attempt to devise working zero-day exploits for popular software. — TianfuCup (@TianfuCup) November 16, 2019.

Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products

Security Affairs

The Pwn2Own 2019 hacking competition has started and participants hacked Apple Safari browser, Oracle VirtualBox and VMware Workstation on the first day. As you know I always cover results obtained by white hat hackers at hacking competitions; for this reason, today I’ll share with you the results of the first day of the Pwn2Own 2019. The security duo chained an integer overflow in the browser and a heap overflow that allowed them to escape the sandbox.

SAP October 2019 Security Patch Day fixes 2 critical flaws

Security Affairs

SAP addressed two critical vulnerabilities (Hot News) as part of the October 2019 Security Patch Day. SAP has released its October 2019 Security Patch Day updates that also address two critical vulnerabilities (Hot News) with CVSS scores of 9.3. The October 2019 Security Patch Day also includes a High Priority Note addressing Binary Planting vulnerability. ” reads the analysis published by security firm Onapsis.

Microsoft released Patch Tuesday security updates for July 2019

Security Affairs

Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, 14 rated as Critical, 62 as Important, and only 1 as Moderate in severity. Microsoft released Patch Tuesday updates for July 2019 that address a total of 77 vulnerabilities, 14 rated as Critical, 62 as Important, and only 1 as Moderate in severity. ” reads the security advisory. Don’t forget to check that your system has installed the latest security patches released by Microsoft.

Security and Human Behavior (SHB) 2019

Schneier on Security

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. Ross also maintains a good webpage of psychology and security resources.

18 Cyber Security Startups to Watch in 2019

eSecurity Planet

Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning

Black Hat 2019: Security’s Powerful Cultural Transformation

Threatpost

Dino Dai Zovi, mobile security lead at Square, discusses ongoing transformation in security's role in the workplace during the keynote.