Microsoft on Tuesday released patches for four zero-day vulnerabilities that are being exploited in the wild, including an official patch for a critical remote code vulnerability dubbed "PrintNightmare" for which an out-of-band fix was issued earlier.
Thousands of organizations that rely on Miami-based Kaseya's VSA software to remotely manage systems are going to have to wait longer to regain the ability to use it, company CEO Fred Voccola explains in a Thursday video.
Microsoft's emergency, out-of-band patch for a critical remote code vulnerability dubbed "PrintNightmare" falls short in addressing the local privilege escalation part of the flaw, according to security researchers.
Update: The Cybersecurity and Infrastructure Security Agency reported Tuesday that Microsoft has released an emergency out-of-band security update to address the "PrintNightmare" Windows Print spooler service flaw.
Ransomware-wielding criminals continue to hone their illicit business models, as demonstrated by the strike against customers of Kaseya. A full postmortem of the attack has yet to be issued, but one question sure to be leveled at the software vendor is this: Should it have fixed the flaw more quickly?
The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins. Experts note this isn't the first time REvil has hit MSPs, or even Kaseya.
Taiwanese networking device manufacturer Zyxel is notifying customers about an ongoing series of attacks on some of its enterprise firewall and VPN products and is advising users to maintain proper remote access security policies as it prepares a hotfix.
The saga around how scores of aging Western Digital NAS devices were remotely erased has deepened with the discovery of a new, unknown software vulnerability. The situation underscores the problems of still-used devices that have been abandoned by manufacturers.
Security researchers at Eclypsium have reported that they had identified four vulnerabilities that could affect 30 million users of computer technology company Dell's laptops, desktops and tablets. The vulnerabilities have a cumulative CVSS score of 8.3 (high).
Apple has released patches for two zero-day vulnerabilities and a fix for another security issue, all of which affected devices running iOS version 12.5.3. It says the zero-day flaws are being exploited in the wild.
Microsoft's June Patch Tuesday contained patches for six zero-day vulnerabilities being exploited in the wild, including two flaws detected by Kaspersky that were being exploited by a new threat group named PuzzleMaker.
Researchers have uncovered an ongoing campaign by a Chinese advanced persistent threat group that has spent the last three years testing and refining a custom backdoor in its arsenal to conduct espionage campaigns targeting governments in Southeast Asia.
Security researchers have identified two vulnerabilities in the Joomla content management system that can be chained together for complete compromise of the network, a report by security firm Fortbridge finds.
Hackers are exploiting a critical zero-day flaw in the WordPress plug-in Fancy Product Designer, which allows remote code execution, the Wordfence Threat Intelligence team at Defiant Inc. says. Because a patch has not yet been released, the team urges users to immediately uninstall the vulnerable plug-in.
In a recent research project on cyber risk management, 340 cybersecurity and IT professionals were surveyed. They were asked what their organization’s biggest vulnerability management challenge is. 42% of respondents indicated that their biggest vulnerability management challenge is tracking vulnerability and patch...