An analysis of nightly backups of more than 400,000 unique web servers has revealed the existence of more than 47,000 malicious plugins installed on nearly 25,000 unique WordPress websites. More than 94% of these plugins (over 44,000) continue to be in use today. Over 3,600 of the identified malicious plugins were purchased from legitimate marketplaces…

Three new security advisories have been published, including two that cover high-severity vulnerabilities that can be exploited remotely. The advisories describing the vulnerabilities were made public on April 28, but some organizations were privately notified in advance. The most serious of the flaws — based on its CVSS score of 8.1 — is CVE-2021-25216, a…

Cisco Patches Critical Code Execution Flaw in Security Appliances

Cisco informed customers on Monday that updates released for its Adaptive Security Appliance (ASA) software patch a critical vulnerability that can be exploited to gain full control of devices or cause them to reload. The security hole, tracked as CVE-2018-0101 and assigned a CVSS score of 10, allows a remote and unauthenticated attacker to execute arbitrary code…

Is your Mac software secure but firmware vulnerable?

Mac users who have updated to the latest OS version or have downloaded and implemented the most recent security update may not be as secure as they originally thought, Duo Security researchers have found. That’s because many of them did not receive the newest firmware along with OS and software updates.

Microsoft Releases Security Update for Flash Player Libraries

While most of this month’s security updates have been postponed to March 14, Microsoft has decided to release one bulletin to address the Flash Player vulnerabilities fixed by Adobe on Patch Tuesday. The critical bulletin, MS17-005, resolves 13 vulnerabilities in the Flash Player libraries used by Internet Explorer 10, Internet Explorer 11 and Edge.

Microsoft Patches Several Publicly Disclosed Flaws

Microsoft’s December 2016 Patch Tuesday updates include a total of 12 critical and important security bulletins that resolve vulnerabilities in Windows, Office, Internet Explorer and Edge. Several of the vulnerabilities patched this week have already been publicly disclosed. For instance, the critical bulletin MS16-144 fixes eight remote code execution, security bypass and information disclosure flaws…

Software updates are critical, so automate them

Why do we need to update our software, anyway? Well, the first thing to understand is that there are different kinds of updates. Some of them add new features or improve existing ones. Others make your software compatible with other programs, different protocols, new or updated operating systems, and so forth. With greater compatibility you’ll…