#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

download software update | Breaking Cybersecurity News | The Hacker News

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Aug 20, 2020
Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537 , both flaws reside in the Remote Access Service (RAS) in a way it manages memory and file operations and could let remote attackers gain elevated privileges after successful exploitation. In brief, the Remote Access Service functionality of the Windows operating system allows remote clients to connect to the server and access internal resources from anywhere via the Internet. A patch for both vulnerabilities was first released on August 11 with the batch of August Patch Tuesday updates, but it was for Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004 systems. A week later, yesterday, on August 19, the company announced that Windows 8.1 and Windows Server 2012 R2 systems are vulner

Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked

Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked
Aug 12, 2020
Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. This month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity. In a nutshell, your Windows computer can be hacked if you: Play a video file — thanks to flaws in Microsoft Media Foundation and Windows Codecs Listen to audio — thanks to bugs affecting Windows Media Audio Codec Browser a website — thanks to 'all time buggy' Internet Explorer Edit an HTML page — thanks to an MSHTML Engine flaw Read a PDF — thanks to a loophole in Microsoft Edge PDF Reader Receive an email message — thanks to yet another bug in Microsoft Outlook But don't worry, you don't need to stop using your computer or without Windows OS on it. All you need to do is click on the Start Menu → open Settings → click Security

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Adobe Issues July 2020 Critical Security Patches for Multiple Software

Adobe Issues July 2020 Critical Security Patches for Multiple Software
Jul 14, 2020
Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications. Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity. The affected products that received security patches today include: Adobe Creative Cloud Desktop Application Adobe Media Encoder Adobe Genuine Service Adobe ColdFusion Adobe Download Manager Adobe Creative Cloud Desktop Application versions 5.1 and earlier for Windows operating systems contain four vulnerabilities, one of which is a critical symlink issue (CVE-2020-9682) leading to arbitrary file system write attacks. According to the advisory , the other three important flaws in this Adobe software are privilege escalation issues. Adobe Media Encoder contains two critical arbitrary code execution (CVE-2020-9650 and CVE-2020-9646) and one important information disclosure issues, affecting both Windows and macOS users running Media En

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations

Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations
Jun 16, 2020
If your business operations and security of sensitive data rely on Oracle's E-Business Suite (EBS) , make sure you recently updated and are running the latest available version of the software. In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in its integrated group of applications designed to automate CRM, ERP, and SCM operations for organizations. The two vulnerabilities, dubbed " BigDebIT " and rated a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date. The security flaws could be exploited by bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud. According to the researchers, "an unauthenticated hacker

Microsoft Issues Patches for 3 Bugs Exploited as Zero-Day in the Wild

Microsoft Issues Patches for 3 Bugs Exploited as Zero-Day in the Wild
Apr 14, 2020
It's April 2020 Patch Tuesday , and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of software security updates for all supported versions of its Windows operating systems and other products that patch a total of 113 new security vulnerabilities, 17 of which are critical and 96 rated important in severity. Patches for 4 Zero-Days Exploited In the Wild Most importantly, two of the security flaws have been reported as being publicly known at the time of release, and the 3 are being actively exploited in the wild by hackers. One of the publicly disclosed flaws, which was also exploited as zero-day, resides in the Adobe Font Manager Library used by Windows, the existence of which Microsoft revealed last month within an early security warning for its millions of users. Tracked as CVE-2020-10

Update Microsoft Windows Systems to Patch 99 New Security Flaws

Update Microsoft Windows Systems to Patch 99 New Security Flaws
Feb 11, 2020
A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the total issues patched by the tech giant this month are critical in severity, and the remaining 87 have been listed as important. Five of the bugs are listed as publicly known at the time of release, four of which are important in severity and one critical ( CVE-2020-0674 ) that is also listed as under active attack. Microsoft warned about this zero-day vulnerability in Internet Explorer (IE) browser last month when it released an advisory without releasing a patch for millions of its affected users. As explained previously, this flaw could allow a remote attacker to execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulner

Adobe Releases Patches for Dozens of Critical Flaws in 5 Software

Adobe Releases Patches for Dozens of Critical Flaws in 5 Software
Feb 11, 2020
Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could allow attackers to take full control of vulnerable systems. Adobe Framemaker Adobe Acrobat and Reader Adobe Flash Player Adobe Digital Edition Adobe Experience Manager In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks. Adobe Acrobat and Reader for Windows and macOS also contain 12 similar critical code execution vulnerabilities, along with 3 other important information disclosure

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
Jan 14, 2020
After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States. What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the  Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017. CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability According to an advisory released by Microsoft, the flaw, dubbed ' NSACrypt ' and tracked as CVE-20

Adobe Releases Patches for 'Likely Exploitable' Critical Vulnerabilities

Adobe Releases Patches for 'Likely Exploitable' Critical Vulnerabilities
Dec 10, 2019
The last Patch Tuesday of 2019 is finally here. Adobe today released updates for four of its widely used software—including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets—to patch a total of 25 new security vulnerabilities. Seventeen of these flaws have been rated as critical in severity, with most of them carrying high priority patches, indicating that the vulnerabilities are more likely to be used in real-world attacks, but there are currently no known exploits in the wild. The software update for Adobe Acrobat and Reader for Windows and macOS operating systems addresses a total of 21 security vulnerabilities, 14 of which are critical, and rest are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution attacks, allowing attackers to take complete control of targeted systems. Adobe Photoshop CC for Windows and macOS contains patches for two critical arbitrary

Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products
Oct 15, 2019
No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe Experience Manager Adobe Experience Manager Forms Adobe Download Manager Out of 82 security vulnerabilities, 45 are rated critical, and all of them affect Adobe Acrobat and Reader and which, if exploited successfully, could lead to arbitrary code execution in the context of the current user. A majority of critical-rated vulnerabilities (i.e., 26) in Adobe Acrobat and Reader reside due to use-after-free, 6 due to out-of-bounds write, 4 are type confusion bugs, 4 due to untrusted pointer dereference, 3 are heap overflow bugs, one buffer overrun and one race condition issue. Ad

Microsoft Releases October 2019 Patch Tuesday Updates

Microsoft Releases October 2019 Patch Tuesday Updates
Oct 08, 2019
Microsoft today rolling out its October 2019 Patch Tuesday security updates to fix a total of 59 vulnerabilities in Windows operating systems and related software, 9 of which are rated as critical, 49 are important, and one is moderate in severity. What's good about this month's patch update is that after a very long time, none of the security vulnerabilities patched by the tech giant this month is being listed as publicly known or under active attack. Moreover, there is no roll-up patch for Adobe Flash Player bundled in Windows update for this month. Besides this, Microsoft has also put up a notice as a reminder for Windows 7 and Windows Server 2008 R2 users, warning them that the extended support for these two operating systems is about to end in the next two months and that they will no longer receive updates as of January 14, 2020. Two of the critical vulnerabilities patched this month are remote code execution flaws in the VBScript engine, and both exist in the way VBS

Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack

Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack
Jul 09, 2019
Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Exchange Server. Details of 6 security vulnerabilities, all rated important, were made public before a patch was released, none of which were found being exploited in the wild. However, two new privilege escalation vulnerabilities, one affects all supported versions of the Windows operating system, and the other affects Windows 7 and Server 2008, have been reported as being actively exploited in the wild. Both actively exploited vulnerabilities lead to elevation of privilege, one (CVE-2019-1132)

Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder

Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder
May 14, 2019
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e., 84 in total) affect Adobe Acrobat and Reader applications alone, where 42 of them are critical and rest 42 are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems. Adobe has released updated versions of Acrobat and Reader software for Windows and macOS operating systems to address these security vulnerabilities. The update for Adobe Flash Player , which will receive security patch updates until the end of 2020, comes this

Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities

Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
Mar 26, 2019
Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit, which is used by many apps and web browsers running on the Apple's operating system. According to the advisory , just opening a maliciously crafted web content using any vulnerable WebKit-based application could allow remote attackers to execute arbitrary code, disclose sensitive user information, bypass sandbox restrictions, or launch universal cross-site scripting attacks on the device. Among the WebKit vulnerabilities include a consistency issue (CVE-2019-6222) that allows malicious websites to potentially access an iOS device microphone without the "microphone-in-use" indicator being shown. A similar vulnerability (CVE-2019-8566) has been patched in Apple's Replay

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws
Feb 12, 2019
Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity. February security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps, ChakraCore, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Dynamics, Team Foundation Server, and Visual Studio Code. Four of the security vulnerabilities patched by the tech giant this month have been reported as being publicly known at the time of release, and one is being actively exploited in the wild. The vulnerability actively being exploited in the wild is rated as important and resides in the way Internet Explorer handles objects in the memory. An attacker can trick victims into landing on a specially crafted website and exploit this vulnerability, identified as CVE-201

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
Dec 12, 2018
Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being actively exploited in the wild by multiple hacking groups, including FruityArmor and SandCat APTs. Discovered and reported by security researchers at Kaspersky, the zero-day attack exploits an elevation-of-privilege (EoP) bug in the Windows Kernel (ntoskrnl.exe) that could allow malicious programs to execute arbitrary code with higher privileges on the targeted systems. The vulnerability, tracked as CVE-2018-8611  and classified important in severity, resides in the Kernel Transaction Manager, which occurs due to improper processing of transacted file operations in kernel mode. The flaw

Adobe releases important security patches for its 4 popular software

Adobe releases important security patches for its 4 popular software
Aug 14, 2018
Adobe has released August 2018 security patch updates for a total of 11 vulnerabilities in its products, two of which are rated as critical that affect Adobe Acrobat and Reader software. The vulnerabilities addressed in this month updates affect Adobe Flash Player, Creative Cloud Desktop Application, Adobe Experience Manager, Adobe Acrobat and Reader applications. None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Adobe Acrobat and Reader (Windows and macOS) Security researchers from Trend Micro's Zero Day Initiative and Cybellum Technologies have discovered and reported two critical arbitrary code execution vulnerabilities respectively in Acrobat DC and Acrobat Reader DC for Windows and macOS. According to the Adobe advisory, the flaw (CVE-2018-12808) reported by Cybellum Technologies is an out-of-bounds write flaw, whereas the bug (CVE-2018-12799) reported by Zero Day Initiative is an
Cybersecurity Resources