Vulnerabilities

Patch Tuesday January 2014 - Microsoft, Adobe and Oracle

Microsoft, Adobe and Oracle have all released fixes today. Products covered include Microsoft Word, Windows XP, Windows 7, Adobe Reader, Java, MySQL and VirtualBox.

How to protect your critical infrastructure

It’s easy to overlook the security of critical IT infrastructure - the low-level things that you rely on and that "just work", that nobody wants to touch and that probably haven't been patched for years. Here are some things to consider when keeping your critical infrastructure secure.

Oracle releases 127 security fixes, 51 for Java alone

Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.

NIST, US government's vulnerability database, brought down by ironic malware

The US's national vulnerability database has been offline for days thanks to a multi-server infection inflicted by hacker(s) who really know how to hurt an infosec guy or gal.

Monster super-critical Patch Tuesday for February 2013

Microsoft has released 12 patches covering 56 vulnerabilities as part of the February monthly "Patch Tuesday" update. Five of these patches are rated critical and could allow criminals to drive-by install malware onto Windows systems.

Technical paper: Deeper inside the Blackhole exploit kit

For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.

Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.

Technical paper: Journey inside the Blackhole exploit kit

Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year?

Well, read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit.

Adobe fixes 25 critical security holes in its software

Adobe released an important update for its software on Monday, fixing 25 security holes. The updates affect Flash running on Windows, Apple Mac and Linux systems.

In addition, Adobe AIR users on Windows, Mac OS X, Android and iOS are also advised to install an update.

Patch Tuesday April 2012 - Critical updates for Windows, Office and Adobe Reader

Microsoft released six patches for eleven vulnerabilities today for Windows, Office, SQL and other products. Adobe also updated their Reader app to fix four vulnerabilities that can be exploited by malicious PDF files.

Identify your missing security patches this Christmas

New vulnerabilities are being discovered all the time, and attackers are still exploiting old ones. But how do you deal with the vulnerabilities? Patch them, of course.

iOS 5 introduces security challenges and flaws

A week after the release of iOS 5, several flaws and vulnerabilities that could affect your data security have been found. Unauthorized calls, Smart Cover unlocks and media access are all possible with system defaults.

Apple releases OS X 10.7.2 and iOS 5 with enormous security patch

A comprehensive look at the security updates in iOS 5 and OS X Lion 10.7.2. In addition to new features for iOS users, many critical fixes are present.

Patch Tuesday July 2011 - 4 updates, 22 bugs

Microsoft have released four bulletins this month, three important and one critical. Fixes included impact Windows 7, Windows Vista and Microsoft Visio 2003 SP3 users.

Patch Tuesday part two - Adobe patches Reader, Flash and more

Adobe's Patch Tuesday quarterly release is out and fixes many critical vulnerabilities. Time to patch Reader, Acrobat, Shockwave, Flash, ColdFusion, LifeCycle and Blaze...

April 2011 MS Patch Tuesday - 17 patches, 64 vulnerabilities

Microsoft released patches today for Windows XP through Windows 7, Office, .Net, Internet Explorer and more. Learn about the key highlights and our advice on what to do.

Flaw in ISC's dhclient could allow remote code execution

Unix/Linux users may be vulnerable to a new flaw in ISC's DHCP client. ISC is advising users to apply mitigation or update to their latest release.

December 2010 Patch Tuesday is a whopper

December's Microsoft Patch Tuesday fixed 40 vulnerabilities in 17 patches. While it fixes many critical and important vulnerabilities, a few are noticeably absent.

Adobe announces Reader X and Acrobat X editions

Adobe has announced the long-awaited sandboxed versions of their ubiquitous Adobe Reader and Adobe Acrobat applications, now branded as X. Brad Arkin, Adobe's Senior Director of Product Security and Privacy, first spoke with Sophos about Adobe's plans to better secure Read more…

Sophos Security Chet Chat 30 and VB 2010 roundup

There was a lot of security news this week as Michael Argast and I went into our Vancouver studio to record Chet Chat 30. I was on vacation at the beginning of the week, so it is a bit longer Read more…

Malicious PDFs: A summary of my VB2010 presentation

Last week, I presented at VB2010 a talk that was well received in the room and on the wires. A number of people have requested copies of or links to my presentation and paper (thanks to Helen Martin of Virus Read more…