HP Patches High-Risk Vulnerability in Business Printers

HP released security firmware updates this week for dozens of printers, including enterprise models, to fix a high-risk vulnerability that could allow attackers to compromise the devices. The vulnerability, tracked as CVE-2017-2750, stems from a failure to properly validate DLL signatures and can be exploited to execute arbitrary code on the operating system of 54..

Intel Warns of Serious Processor Flaws

Intel has released firmware updates for many of its processors to fix eight high-risk flaws that can put systems at risk of complete compromise. The flaws are located in low-level technologies found in the Intel Management Engine (ME), the Intel Trusted Execution Engine (TXE) and the Intel Server Platform Services (SPS). By exploiting the vulnerabilities,..

What Is Vulnerability Management?

Enterprise networks regularly see change in their devices, software installations, and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate such risk by implementing foundational security controls. For example, enterprises can monitor their important files for change using file integrity monitoring (FIM). This security measure enables IT security teams to … The post What Is Vulnerability Management? appeared first on The State of Security.

Oracle Patches Critical Vulnerabilities in PeopleSoft Applications

Oracle has released out-of-band security patches for a component used by multiple ERP applications from its PeopleSoft suite. The updates fix five vulnerabilities, including two critical ones that can be exploited to access data from or completely compromise those systems. The vulnerabilities are located in the Jolt protocol implementation within Oracle Tuxedo, an application server..

Adobe Releases Critical Security Patches for 9 Products

Adobe Systems has released security patches for nine of its products to fix 86 vulnerabilities, the majority of which are rated as critical and important. In addition to Flash Player, Reader and Acrobat, which are the usual recipients of Adobe’s security patches, the company has updated Photoshop CC, Adobe Connect, Adobe DNG Converter, InDesign, Digital..

November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update

This November Patch Tuesday is moderate in volume and severity. Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion’s share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked

Quarantine Flaw in Antivirus Products Allows Privilege Escalation

The malware quarantine feature in several antivirus products could have been abused by local attackers to gain administrative privileges on computers. The issue, dubbed AVGater, was discovered by Florian Bogner, a researcher with security firm Kapsch. It exploits a user’s ability to restore suspicious files that antivirus programs have moved to quarantine. Bogner found a..

SQL Injection in bbPress

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on a HackerOne report and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug and make the details public. Continue reading SQL Injection in bbPress at Sucuri Blog.