Home Archive by category "Security Updates" (Page 2)

Category: Security Updates

Time-sensitive security updates

Mozilla Firefox (and Thunderbird) Zero-day Vulnerabilities – CVE-2019-17026

Firefox

WHAT YOU NEED TO KNOW 

On January 10, 2020, Mozilla Firefox, Firefox ESR, and Thunderbird Zero-day Vulnerabilities have been discovered for Windows, MacOS and Linux.  These vulnerabilities could allow an attacker to take control of an affected system.   

This vulnerability was detected in exploits in the wild and has been assigned a Critical severity.  This vulnerability has been assigned to CVE-2019-17026: IonMonkey type confusion with StoreElementHole …

Read More…

Out of band Zero-Day Patch for Microsoft Internet Explorer (IE)

Internet Explorer Logo

Microsoft has released an out of band patch for a vulnerability that is currently being exploited.  The ePatching team has folded patches KB4483187, KB4483228, KB4483229, KB4483230, KB4483232, KB4483234, and KB4483235 into the MECM GS-ENT-2018-12-Security Update group.  The ePatching team will be adding relevant Server patches into this months advertisements later today. Users that have already applied December patches will receive …

Read More…

VMware Security Announcements: VMSA-2018-0004.3

VM Ware Logo

https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html

VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Mitigations for speculative execution issue.The mitigations in this advisory are categorized as Hypervisor-Assisted Guest Mitigations described by VMware Knowledge Base article 52245.

Relevant Products
  • VMware vCenter Server (VC)
  • VMware vSphere ESXi (ESXi)
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)

Read More…

Hacking Group APT28(Fancy Bear) putting Malware in to Office Document (whether macros are enabled or not)

Microsoft Office Logo

The McAfee Advanced Threat Group discovered a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first observed use of this technique by APT28. The use of DDE with PowerShell allows an attacker to execute arbitrary code on a victim’s system …

Read More…

WannaCry Ransomware and USGS response

WannaCry Ransomware

A widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages. This exploit utilizes a vulnerability (CVE-2017-0144) in the Microsoft Server Message Block 1.0 (SMBv1) server to …

Read More…

June 2016 Microsoft Security Bulletin Release

Windows logo icon

This alert is to provide you with an overview of the new security bulletins being released onJune 14, 2016. New security bulletins are released monthly to address security vulnerabilities in Microsoft products. The alert also provides information regarding two new security bulletin revisions.

 

New Security Bulletins

 

Microsoft is releasing 16 new security bulletins for newly discovered vulnerabilities:

 

Read More…

Latest iOS update cause some iPad Pro tablets to stop working

iOS Apple

Do not upgrade iPad Pro tablets to iOS 9.3.2 because the device locks up after the update is installed and won’t restart.

Many of those hit by the glitch say they receive an “Error 56” message that tells them to plug their device into iTunes. But that action does nothing to resolve the error, and rebooting simply returns the device …

Read More…