Patch Management
News
APT attackers are increasingly using booby-trapped RTF documents, experts say
Booby-trapped RTF documents are one of the most common types of malicious Microsoft Office files that are used to infect computers with advanced...
CSOs warned of serious cyber-espionage attack
A cybersecurity consulting firm has documented the existence of a China-based espionage operation that has infiltrated the computer systems of at...
PHP working on new patch for critical vulnerability after initial one failed
The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution...
Is Facebook use in the enterprise too risky to allow?
It is not news that Facebook is less than aggressive about protecting the personal privacy of its 900 million users. But even relatively savvy users...
Researcher misinterprets Oracle advisory, discloses unpatched database vulnerability
Instructions on how to exploit an unpatched Oracle Database Server vulnerability in order to intercept the information exchanged between clients and...
WordPress security update patches external libraries, several vulnerabilities
The WordPress development team released WordPress 3.3.2 on Friday in order to address several vulnerabilities in the popular blogging platform as...
Embedded system security much more dangerous, costly than traditional software vulnerabilities
Experts say embedded device manufacturers too often lack maturity when it comes to designing secure embedded systems.
Oracle to issue 88 security patches
Oracle is planning to release 88 patches on Tuesday, covering vulnerabilities affecting a wide array of its products, according to a pre-release...
Malware infects Macs through Microsoft Office vulnerability
Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access...
Flash Player 11.2 fixes critical vulnerabilities, adds silent updates
Adobe released Flash Player 11.2 on Tuesday, addressing two critical arbitrary code execution vulnerabilities and introducing a silent update option.
Secunia: We don't know how vendors will react to our repackaging their updates
Security firm Secunia expects a reaction from vendors as it plans to repackage security updates for hundreds of applications into its own proprietary...
PHP 5.3.10 fixes critical remote code execution vulnerability
The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers...
Fundamental Oracle flaw revealed
A design decision made by Oracle architects long ago may have painted some of Oracle's largest customers into a corner. Patches have arrived, but...
Oracle to issue 78 patches, including 27 for MySQL
Oracle is set on Tuesday to release 78 security fixes for vulnerabilities in its database, middleware and applications, according to a preview...
LibreOffice backers want community to join 'bug hunt'
The organization behind LibreOffice is hoping community members will help it uncover problems with an upcoming release of the open-source office...
Microsoft to start automatic updates of IE without asking the user
Microsoft next year will change its automated update process for the Internet Explorer (IE) Web browser to push out the latest version of the browser...
Unpatched Apache reverse proxy flaw allows access to internal network
A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite...
Google Chrome update addresses high-severity flaw
Google has released an update for Chrome 15 which addresses a high-risk vulnerability. The security issue is the result of an out-of-bounds memory...
Apple secures iTunes update checking to address man-in-the-middle vulnerability
Apple's iTunes 10.5.1 update addresses a weakness in the application's update mechanism that could be exploited to trick users into visiting...
Microsoft issues workaround for Duqu attack while it prepares a patch
Microsoft has published code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software...
The Connected Enterprise
