#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Security patch Update | Breaking Cybersecurity News | The Hacker News

Category — Security patch Update
Critical Print Spooler Bug allows Attackers to Hack any version of Microsoft Windows

Critical Print Spooler Bug allows Attackers to Hack any version of Microsoft Windows

Jul 13, 2016
Microsoft's July Patch Tuesday offers 11 security bulletins with six rated critical resolving almost 50 security holes in its software. The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which if exploited could allow an attacker to take over a device via a simple mechanism. The "critical" flaw ( CVE-2016-3238 ) actually resides in the way Windows handles printer driver installations as well as the way end users connect to printers. The flaw could allow an attacker to install malware remotely on victim machine that can be used to view, modify or delete data, or create new accounts with full user rights; Microsoft said in MS16-087 bulletin posted Tuesday. Users who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users. Microsoft said the critical flaw could
All Versions of Windows affected by Critical Security Vulnerability

All Versions of Windows affected by Critical Security Vulnerability

Feb 10, 2016
Microsoft has released 13 security bulletins, six of which are considered to be critical, resolving a total of 41 security vulnerabilities in its software this month. Every Windows version Affected: One of the critical vulnerabilities affects all supported version of Windows , including Microsoft's newest Windows 10 operating system, as well as Windows Server 2016 Tech Preview 4. The memory-corruption flaw ( MS16-013 ) could allow a remote attacker to execute arbitrary code as the logged-in user by tricking a user into opening a specially crafted Journal file. This vulnerability would let the attacker run malicious programs on victim's machine, even delete data and create new accounts with full user rights. Administrator accounts are at the greatest risk than users with a fewer user rights account on the system. However, the good news is the vulnerability has not been spotted in the wild. List of All Critical Vulnerabilities Other Critical Secur
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
Oracle Issues Emergency Java Update for Windows

Oracle Issues Emergency Java Update for Windows

Feb 08, 2016
The US-based software maker Oracle delivered an unusual out-of-box emergency patch for Java in an effort to fix a during-installation flaw on the Windows platforms. The successful exploitation of the critical vulnerability, assigned CVE-2016-0603 , could allow an attacker to trick an unsuspecting user into visiting a malicious website and downloading files to the victim's system before installing Java 6, 7 or 8. Although the vulnerability is considered relatively complex to exploit, a successful attack results in " complete compromise " of the target's machine. What You Need to Know About the Java Exploit The successful attack requires an attacker to trick a suitably unskilled user for opening a Java release even though the user is nowhere near the Java Website. Since the existence of the loophole is only during the installation process, users are not required to upgrade their existing Java installations in order to address the vulnerability.
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Google Patches Critical Remotely-exploitable Flaws in Latest Android Update

Google Patches Critical Remotely-exploitable Flaws in Latest Android Update

Feb 02, 2016
Google has released the February Security Update for Android that patches multiple security vulnerabilities discovered in the latest version of Android operating system. In total, there were five "critical" security vulnerabilities fixed in the release along with four "high" severity and one merely "moderate" issues. Remote Code Execution Flaw in WiFi A set of two critical vulnerabilities has been found in the Broadcom WiFi driver that could be exploited by attackers to perform Remote Code Execution (RCE) on affected Android devices when connected to the same network as the attacker. The vulnerabilities (CVE-2016-0801 and CVE-2016-0802) can be exploited by sending specially crafted wireless control message packets that can corrupt kernel memory, potentially leading to remote code execution at the kernel level. "These vulnerabilities can be triggered when the attacker and the victim are associated with the same network," read
Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk

Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk

Jan 27, 2016
If you are using Magento to run your e-commerce website, it's time for you to update the CMS ( content management system ) now. Millions of online merchants are at risk of hijacking attacks due to a number of critical cross-site scripting (XSS) vulnerabilities in the Magento, the most popular e-commerce platform owned by eBay. Why the Bugs are So Serious? Virtually all versions of Magento Community Edition 1.9.2.2 and earlier as well as Enterprise Edition 1.14.2.2 and earlier, are vulnerable to the Stored Cross-Site Scripting (XSS) flaws. The stored XSS flaws are awful as they allow attackers to: Effectively take over a Magento-based online store Escalate user privileges Siphon customers' data Steal credit card information Control the website via administrator accounts However, the good news is that the vulnerabilities are patched, and an update has been made available to the public after security firm Sucuri discovered and privately reported the v
From Today Onwards, Don't You Even Dare to Use Microsoft Internet Explorer

From Today Onwards, Don't You Even Dare to Use Microsoft Internet Explorer

Jan 12, 2016
Yes, from today, Microsoft is ending the support for versions 8, 9 and 10 of its home-built browser Internet Explorer, thereby encouraging Windows users to switch on to Internet Explorer version 11 or its newest Edge browser . Microsoft is going to release one last patch update for IE8, IE9 and IE10 today, but this time along with an " End of Life " notice, meaning Microsoft will no longer support the older versions. So, if you want to receive continuous updates for your web browser and avoid being exposed to potential security risks after 12 January, you are advised to upgrade your browser to Internet Explorer 11, or its new Edge browser. End of Life of Internet Explorer 8, 9 and 10  "Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10," Microsoft says . This move could be part of Microsoft's bigger
Patch now! Adobe releases Emergency Security Updates for Flash Player

Patch now! Adobe releases Emergency Security Updates for Flash Player

Dec 29, 2016
The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches. Adobe released an out-of-band security update on Monday to address Nineteen ( 19 ) vulnerabilities in its Flash Player, including one ( CVE-2015-8651 ) that is being exploited in the wild. All the programming loopholes could be abused to execute malicious code (here malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely. So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs. Here're the details of the Flash's 19 security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon: A Type Confusion Vulnerability that could lead to arbitrary code execution ( CVE-2015-8644 ) An Integer Overflow Vulnerability that also leads to code e
Oracle Ordered to Publicly Admit Misleading Java Security Updates

Oracle Ordered to Publicly Admit Misleading Java Security Updates

Dec 22, 2015
Security issues have long tantalized over 850 Million users that have Oracle's Java software installed on their computers. The worst thing is that the software was not fully updated or secure for years, exposing millions of PCs to attack. And for this reason, Oracle is now paying the price. Oracle has been accused by the US government of misleading consumers about the security of its Java software. Oracle is settling with the Federal Trade Commission (FTC) over charges that it " deceived " its customers by failing to warn them about the security upgrades. Java is a software that comes pre-installed on many computers and helps them run web applications, including online calculators, chatrooms, games, and even 3D image viewing. Oracle Left Over 850 Million PCs at Risk The FTC has issued a press release that says it has won concessions in a settlement with Oracle over its failure to uninstall older and insecure Java SE software from customer PCs u
Patch Report: All Versions of Windows affected by Critical Vulnerability

Patch Report: All Versions of Windows affected by Critical Vulnerability

Oct 14, 2015
Microsoft has rolled out six security updates this Patch Tuesday , out of which three are considered to be " critical, " while the rest are marked as " important. " Bulletin MS15-106 is considered to be critical for Internet Explorer (IE) and affects absolutely all versions of Windows operating system. The update addresses a flaw in the way IE handles objects in memory. The flaw could be exploited to gain access to an affected system, allowing hackers to gain the same access rights as the logged-in user. A hacker could " take advantage of compromised websites, and websites that accept or host user-provided content or advertisements ," the advisory states. " These websites could contain specially crafted content that could exploit the vulnerabilities. " Therefore, the dependency here is that an IE user must knowingly click on the malicious link, which then be leveraged by an attacker to get the full control over a computer t
Google releases Security Patch for Android Stagefright 2.0 Vulnerability

Google releases Security Patch for Android Stagefright 2.0 Vulnerability

Oct 06, 2015
Google reportedly fixed the latest round of Stagefright vulnerabilities in Android, pushing its latest over-the-air (OTA) update to Nexus devices. Last week, researchers warned of Stagefright 2.0 vulnerability that affected more than one Billion Android devices dating back to the latest versions of the Android operating system. The Stagefright bugs allowed hackers to take control of affected Android devices by sending a malicious audio or video file. In April, Zimperium researchers disclosed the first Stagefright vulnerability that allowed hackers to hijack any Android smartphones with just a simple text message ( exploit code ). As promised, Google on Monday pushed a patch that fixes the holes in Stagefright media playback engine used by Android to process, record and play multimedia files such as PDFs. The patch fixes 30 vulnerabilities in total, which includes: 14 critical vulnerabilities in Stagefright library 5 Remote Code Execution bugs 8 Eleva
Apple iOS 9.0.2 Update Patches Lock Screen Bypass Exploit

Apple iOS 9.0.2 Update Patches Lock Screen Bypass Exploit

Oct 01, 2015
Apple has rolled out the second minor iteration of its newest mobile operating system iOS 9, which fixes the iOS lockscreen vulnerability . The widely publicized LockScreen bug allowed anyone with physical access to your iOS device running iOS 9.0 or  iOS 9.0.1 to access all the contacts and photos without unlocking the device. Just one week after the last update iOS 9.0.1, Apple rolled out iOS 9.0.2 update that fixes: iMessage activation problems An issue with mobile data settings An issue with iCloud Backup An issue where the screen incorrectly rotates when receiving notifications Improves the stability of Podcasts According to an update on Apple's support website, the iOS lockscreen issue was the only security bug fixed in the latest iOS 9.0.2 release. Last week, iPhone user Jose Rodriguez published a " dead simple " method to bypass lock screen of the devices running iOS 9 and iOS 9.0.1. Using the benevolent nature of Apple's
Microsoft Releases 12 Security Updates (5 Critical and 7 Important Patches)

Microsoft Releases 12 Security Updates (5 Critical and 7 Important Patches)

Sep 09, 2015
With the release of 12 Security Bulletins , Microsoft addresses a total of 56 vulnerabilities in its different products. The bulletins include five critical updates, out of which two address vulnerabilities in all versions of Windows. The September Patch Tuesday update (released on second Tuesday of each month) makes a total of 105 Security Bulletins being released this year; which is more than the previous year with still three months remaining for the current year to end. The reason for the increase in the total number of security bulletins within such less time might be because of Windows 10 release and its installation reaching to a score of 100 million. Starting from MS15-094 to   MS15-105 ( 12 security bulletins ) Microsoft rates the severity of the vulnerabilities and their impact on the affected software. Bulletins MS15-094 and MS15-095 are the cumulative updates, meaning these are product-specific fixes for security related vulnerabilities that are rated
Incomplete 'Stagefright' Security Patch Leaves Android Vulnerable to Text Hack

Incomplete 'Stagefright' Security Patch Leaves Android Vulnerable to Text Hack

Aug 14, 2015
Wanna hack someone's Android smartphone by sending just an MMS message? Yes, you can, because Google's patch for the Stagefright vulnerability in hundreds of Millions of Android devices is BUGGY. Last week, Google issued an official patch for Stagefright vulnerability that affects 95 percent of Android devices running version 2.2 to version 5.1 of the operating system, an estimated 950 Million Android devices in use worldwide. But, the patch is so flawed that hackers can still exploit the Stagefright vulnerability (CVE-2015-3824) anyways. "The [original] patch is four lines of code and was (presumably) reviewed by Google engineers prior to shipping," researchers at Exodus Intelligence wrote in a blog post published Thursday. "The public at large believes the current patch protects them when it, in fact, does not." Buggy Patch Issued by Google The patch doesn't fix the vulnerability, allowing booby-trapped MP4 videos that supplied
Microsoft issues Security Patches for Windows 10 and Edge Browser

Microsoft issues Security Patches for Windows 10 and Edge Browser

Aug 12, 2015
Updated your PCs to Windows 10 ? Now it's time to patch your Windows 10 software. Microsoft has issued its monthly Patch Tuesday by releasing 14 security bulletins , nearly half of it address vulnerabilities in its latest operating system, Windows 10. Four of them are marked critical, affecting Windows, .Net Framework, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft Silverlight and Edge Browser . Yes, the critical update includes even Edge browser – Microsoft's newest and supposedly super-secure web browser. Windows users are advised to patch their system as soon as possible because the security flaws can be remotely exploited to execute malicious code on vulnerable systems, allowing hackers to install malware and take full control of systems. Most Critical Security Updates: MS15-079 – The critical update fixes a total of 10 privately disclosed flaws in Internet Explorer. Most of these flaws allow a hacker to execute malicious code on v
Apple Releases dozens of Security Updates to Fix OS X and iOS Flaws

Apple Releases dozens of Security Updates to Fix OS X and iOS Flaws

Jul 02, 2015
Apple has released updates to patch dozens of security vulnerabilities in iOS and OS X Yosemite operating system. The updates include iOS 8.4 version of the mobile operating system, OS X Yosemite 10.10.4 and Security Update 2015-005. iOS 8.4 Update The iOS 8.4  update includes patches for over 20 security vulnerabilities that could lead to remote code execution (RCE) , application termination, the intercepted encrypted traffic, man-in-the-middle attacks and other problem. Certificate trust policy issues, buffer overflow vulnerabilities, apache compatibility issues, memory corruption flaws, and a host of WebKit, kernel, and CoreText vulnerabilities were also patched in the latest iOS update. OS X Yosemite 10.10.4 update The OS X Yosemite 10.10.4 update includes patches for QuickTime, ImageIO, and OpenSSL along with Remote Code Execution (RCE) flaws and other issues that may allow attackers to gain elevated privileges or crash applications. The Safari 8.
Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

May 13, 2015
This week you have quite a long list of updates to follow from Microsoft, Adobe as well as Firefox. Despite announcing plans to kill its monthly patch notification for Windows 10, the tech giant has issued its May 2015 Patch Tuesday , releasing 13 security bulletins that addresses a total of 48 security vulnerabilities in many of their products. Separately, Adobe has also pushed a massive security update to fix a total of 52 vulnerabilities in its Flash Player, Reader, AIR and Acrobat software. Moreover, Mozilla has fixed 13 security flaws in its latest stable release of Firefox web browser, Firefox 38, including five critical flaws. First from the Microsoft's side: MICROSOFT PATCH TUESDAY Three out of 13 security bulletins issued by the company are rated as 'critical', while the rest are 'important' in severity, with none of these vulnerabilities are actively exploited at this time. The affected products include Internet Explorer (IE),
Drupal Patches Critical Password-Reset Vulnerability

Drupal Patches Critical Password-Reset Vulnerability

Mar 20, 2015
Drupal , one of the widely used open source content management system is recommending its users to update their software to the latest versions 6.35 and 7.35 after the company discovered two moderately critical vulnerabilities that may allow an attacker to hack Drupal websites. According to a security advisory published yesterday, a flaw found in the Drupal core could allow a potential hacker under certain circumstances to bypass security restrictions by forging the password reset URLs. ACCESS BYPASS / PASSWORD RESET URLs VULNERABILITY Successful exploitation of this Access Bypass vulnerability could leverage the hacker to gain unauthorized access to user accounts without knowing their password. This vulnerability is considered as moderately critical in which an attacker can remotely trick a registered user of Drupal based website, such as an administrator, into launching a maliciously crafted URL in an attempt to take control of the target server. AFFECTED DRUPA
Apple Releases iOS 8.1.3

Apple Releases iOS 8.1.3

Jan 27, 2015
Apple has rolled out iOS 8.1.3 for iPhone, iPod touch and iPad devices, after weeks of extensive testing. The iOS 8.1.3 update contains bug fixes, stability enhancements and performance improvements. Among the new features, it reduces the amount of storage space required to perform a software update. The update can be downloaded by going to Settings > General > Software Update . The download size of iOS 8.1.3 is 246MB . Apple users with 8GB and 16GB devices will definitely appreciate the reduced storage requirements for updating to iOS 8. In addition to bug fixes, iOS 8.1.3 also includes a number of security improvements which can be viewed in detail on Apple's security page for the update. Apple is also preparing to release OS X Yosemite 10.10.2 beta update , which contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port.
Apple OS X Yosemite 10.10.2 Update to Patch years-old Thunderstrike vulnerability

Apple OS X Yosemite 10.10.2 Update to Patch years-old Thunderstrike vulnerability

Jan 27, 2015
Apple is preparing to release the second update to OS X Yosemite in the coming days to its customers. The upcoming beta update OS X Yosemite 10.10.2 contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port. Earlier this month, Reverse engineer Trammell Hudson revealed technical details and proof-of-concept of Thunderstrike attack . Thunderstrike, an undetectable bootkit, works by injecting an Option ROM into a Mac's EFI. It is possible because hardware attached to a system through Thunderbolt port are not as secure as a Mac itself. Once installed using Thunderstrike attack, the malware would be almost impossible to detect and remove. Because the firmware used on Macs doesn't always apply to the security of attached hardware. So "Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the at
Expert Insights / Articles Videos
Cybersecurity Resources