Patching

Vulnerabilities

Issued by: DataBreach Today

Configuration management – especially vulnerability patching – is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration issues to be a top weakness at a VA healthcare system in Arizona. The Veterans Affairs Office of Inspector General in a report issued Tuesday said…

Vulnerabilities

Issued by: DataBreach Today

The company behind the MOVEit managed file transfer application is urging customers into a new round of emergency patching after identifying additional vulnerabilities. Progress Software in a Friday update said it had identified additional SQL injection vulnerabilities allowing attackers access to the MOVEit transfer database. “These newly discovered vulnerabilities are distinct from the previously reported…

Application Security

Issued by: SecurityWeek

Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild. The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. “Google is aware that an exploit…

Software Security

Issued by: Dark Reading

The recent ransomware incident at Rackspace that took down the company’s hosted Microsoft Exchange server environment has focused attention on the often-risky gamble that security teams take when choosing to mitigate a vulnerability — rather than apply a patch for it. Last week, Rackspace disclosed that a Dec. 2 intrusion into the hosting company’s Exchange…