The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer. Patch Tuesday is back once again, bringing with it 74 security fixes, 61 of which are classified as Important and 13 as Critical, including one Internet Explorer bug under active attack. Microsoft today released fixes for CVEs across Windows,
The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers. Google upped the ante for Halloween frights when it issued a Chrome browser update to patch two vulnerabilities, one of which is a high-severity zero-day being actively exploited in the wild. Chrome version 78.0.3904.87 is for Windows, Mac, and Linux, and it
The ransomware operators targeted an “unquoted path” vulnerability in iTunes for Windows to evade detection and install BitPaymer. Ransomware operators have been seen exploiting a zero-day vulnerability in iTunes for Windows to slip past security tools and infect victims with BitPaymer, researchers report. Back in August, the Morphisec team noticed attackers targeting the network of
At Black Hat USA, Project Zero’s team lead shared details of projects it has accomplished and its influence on the security community. In July 2014, Google announced Project Zero, a research group built to reduce the number of zero-day vulnerabilities used in targeted attacks. Five years later, team lead Ben Hawkes took the Black Hat
Vulnerabilities in VxWorks’ TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices. A series of vulnerabilities in a real-time operating system (RTOS) could leave up to 200 million devices open to exploit. And those devices include everything from network firewalls to
Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild. Microsoft today patched 77 vulnerabilities and issued two advisories as part of its July security update. Two of these bugs are under active attack; six were publicly known at the time fixes were released.
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for. Where do you stand in the debate over whether governments should stockpile vulnerabilities? Some believe that regardless of its utility, the practice of keeping software vulnerabilities secret affects