#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

download update | Breaking Cybersecurity News | The Hacker News

Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

Sep 10, 2019
It's Patch Tuesday again—the day of the month when both Adobe and Microsoft release security patches for vulnerabilities in their software. Adobe has just released its monthly security updates to address a total of 3 security vulnerabilities in only two of its products this time—Adobe Flash Player and Adobe Application Manager (AAM). None of the security vulnerabilities patched this month in Adobe products is being exploited in the wild. The latest update for Adobe Flash Player , the software that will receive security patch updates until the end of 2020, this month addresses two critical vulnerabilities and affects Windows, macOS, Linux, and Chrome OS versions of the software. Both the critical vulnerabilities in Flash Player, listed below, lead to arbitrary code execution in the context of the current user, allowing attackers to take complete control over targeted systems. Same-origin method execution (CVE-2019-8069) Use-after-free (CVE-2019-8070) Both the vuln
Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates

Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates

Jun 12, 2018
It's time to gear up for the latest June 2018 Microsoft security patch updates. Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity. Only one of these vulnerabilities, a remote code execution flaw ( CVE-2018-8267 ) in the scripting engine, is listed as being publicly known at the time of release. However, none of the flaws are listed as under active attack. Discovered by security researcher Dmitri Kaslov, the publicly known vulnerability is a remote memory-corruption issue affecting Microsoft Internet Explorer. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user. Microsoft has also addressed an important vulnera
Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Apr 15, 2024Active Directory / Attack Surface
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to  privileged identity management  aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. By adopting this strategy, organizations can enhance security, minimize the window of opportunity for potential attackers and ensure that users access privileged resources only when necessary.  What is JIT and why is it important?   JIT privileged access provisioning  involves granting privileged access to users on a temporary basis, aligning with the concept of least privilege. This principle provides users with only the minimum level of access required to perform their tasks, and only for the amount of time required to do so. One of the key advantages of JIT provisioning
Microsoft Releases 4 Security Updates — Smallest Patch Tuesday Ever!

Microsoft Releases 4 Security Updates — Smallest Patch Tuesday Ever!

Jan 11, 2017
In Brief Microsoft has issued its first Patch Tuesday for 2017 , and it's one of the smallest ever monthly patch releases for the company, with only four security updates to address vulnerabilities in its Windows operating system as well as Adobe Flash Player. Meanwhile, Adobe has also released patches for more than three dozen security vulnerabilities in its Flash Player and Acrobat/Reader for Windows, MacOS, and Linux desktops. According to the Microsoft Advisory, only one security bulletin is rated critical, while other three are important. The bulletins address security vulnerabilities in Microsoft's Windows, Windows Server, Office, Edge and Flash Player. The only security bulletin rated as critical is the one dedicated to Adobe Flash Player, for which Microsoft distributed security patches through Windows Update. Other security bulletins that addresses flaws in Microsoft products are as follows: Bulletin 1 — MS17-001 This security update resolves just one v
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Firefox 31 — Mozilla Releases Security Updates to Tighten Browser Security

Firefox 31 — Mozilla Releases Security Updates to Tighten Browser Security

Jul 23, 2014
Mozilla has officially released its latest build Firefox 31 for all supported platforms, addressing 11 vulnerabilities in total, three of which are marked critical that could have been exploited by hackers to mount remote code execution attacks. Mozilla Firefox recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers and leverage them to " run attacker code and install software, requiring no user interaction beyond normal browsing ". CRITICAL VULNERABILITIES The three major vulnerabilities are as follows: MFSA 2014-62 - This is one of the three critical vulnerabilities reported by Patrick Cozzi and get fixed in the newer version of the browser. The vulnerability allows the exploitation of a WebGL crash with Cesium JavaScript library. Much details about the flaw are not known at the time, but Mozilla notes that the flaw cannot be exploi
Update Your Java to Patch 20 Vulnerabilities Or Just Disable it

Update Your Java to Patch 20 Vulnerabilities Or Just Disable it

Jul 16, 2014
Today, Oracle has released its quarterly Critical Patch Update (CPU) for the month of July, as part of its monthly security bulletin, in which it fixes a total of 113 new security vulnerabilities for hundreds of the company's products. The security update for Oracle's popular browser plug-in Java addresses 20 vulnerabilities in the software, all of which are remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network. MOST CRITICAL ONE TO PATCH FIRST Oracle uses the Common Vulnerability Scoring System (CVSS) to provide an open and standardized rating of the security holes it finds in its products. One or more of the Java vulnerabilities received the most "critical" rating according to Oracle's Common Vulnerability Scoring System (CVSS), i.e. base score of 10 or near. Although, numerous other Oracle products and software components addressed in the latest security updates, which address
Learn How to Hide WhatsApp 'Last seen at' Time and Profile Picture from Other Users

Learn How to Hide WhatsApp 'Last seen at' Time and Profile Picture from Other Users

Feb 22, 2014
WhatsApp for Android added most awaited privacy option for all who do not want to display information about when they last used the app. This is the first impressive update of the  WhatsApp after acquisition by Facebook , who   has paid a lot of money in cash and stock to acquire it. The Popular Smartphone messaging application  WhatsApp version 2.11.169 will provide you more ability and control over privacy options i.e. Hiding ' last seen at ' time, Profile picture, status updates from others, which are currently visible for all WhatsApp users. Currently, these options are set to  'everyone'  by default, that allows any WhatsApp user to find out exactly when you used WhatsApp for the last time, also reveals your image and Status message. Most of the times we don't want it to be shown to anyone or to non-contact users. How to hide WhatsApp 'last seen at' time and Profile Picture? WhatsApp now allows you to Modify your Privacy settings in three wa
Microsoft February Patch Tuesday : Two critical and Three Important Security Updates

Microsoft February Patch Tuesday : Two critical and Three Important Security Updates

Feb 07, 2014
Today Microsoft has released Security Bulletin Advanced Notification for February 2014 Patch Tuesday. The notification dictates five bulletins out of which two have critical Remote Code Execution and rest are important in aspect to severity of security flaw. A Remote Code Execution vulnerability has been found in Security software of Microsoft i.e. Forefront Protection 2010 for Exchange Server, but this time there will be no new bulletins for Internet Explorer. Not only this, users of Windows 7, Windows Server 2008 R2, Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1 are also advised to patch their systems in order to protect themselves from being a victim of malicious code which is exploiting Remote code execution vulnerability. Except the remote code execution, Microsoft is going to release patches for privilege escalation, information disclosure, and denial of service security flaws in Windows operating syste
Cybersecurity Resources