Microsoft Releases April 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s April 2023 Security Update Guide an...
Automating Vulnerability Management with Qualys VMDR & ServiceNow
With a growing number of cyber-attacks and the push to stay ahead of adversaries, the Vulnerability Management lifecycle has become necessary for ensuring enterprise-grade cyber resiliency. For many organizations, there is a persistent challenge in supporting vulnerability assessment and...
Citrix Endpoint Management (aka XenMobile Server) 10.12.0 Rolling Patch 11
Package name: xms10.12.0.11103.bin For: XenMobile Server 10.12.0 Deployment type: On-premises only Replaces: xms10.12.0.11004.bin, xms10.12.0.10917.bin, xms10.12.0.10818.bin, xms10.12.0.10714.bin, xms10.12.0.10613.bin, xms10.12.0.10539.bin, xms10.12.0.10417.bin, xms10.12.0.10324.bin,...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
cve-2021-44228-qingteng-online-patch What is this Hot-pa...
Vulnerabilities fixed in OpenBSD
Two vulnerabilities have been fixed in OpenBSD. The vulnerabilities apply to the kernel and libcrypto. The kernel vulnerability allows a local authorized user to cause a denial of service on the system. This vulnerability is present in OpenBSD 6.9 and 7.0. The second vulnerability is in...
PYSEC-2021-567
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...
Manage Linux Patching with Qualys VMDR
As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks -- unpatched vulnerabilities. With the majority of production systems running Linux, IT teams have been looking for a single, efficient...
Security Bulletin: IBM Kenexa LMS On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU (CVE-2019-4732)
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0...
Automatically Discover, Prioritize and Remediate Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006) using Qualys VMDR®
On March 23, Microsoft released zero day advisory ADV200006 to address two critical remote code execution vulnerabilities in Adobe Type Manager Library that affects multiple versions of Windows and Windows Server. The vulnerabilities exist within the way that Windows parses OpenType fonts. For...
Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR
A severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, which is named "Ghostcat" and is tracked using CVE-2020-1938. The security issue has received a critical severity rating score of 9.8 based on CVSS...
Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal
A vulnerable municipality payment software, which previously led to the breach of hundreds of thousands of payment cards in 2017, has been targeted once again. This time it was part of a breach involving eight cities in August. The hack targets a flaw in Click2Gov software, which is used in...
Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted
Two firmware vulnerabilities impacting Lenovo, Acer and five additional server brands allow adversaries to brick servers, run arbitrary code on targeted systems and maintain a persistent foothold – surviving even an operating system reinstallation. The bugs are tied to Gigabyte motherboards used ...
Description of the security update for Excel 2013: July 9, 2019
Description of the security update for Excel 2013: July 9, 2019 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Excel if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Common...
Integrating Threat and Vulnerability Management with Patch Management: The (Feasible) Quantum Leap
The rise of sophisticated attacks combined with the security-skills shortage has driven many organizations to go back to basics and review their processes for vulnerability and patch management. The approach is definitely a winning one, given that shrinking and managing the vulnerability surface...
Boosting Patch Management Is Key for Breach Prevention
Vulnerabilities that vendors have disclosed and issued patches for remain a major source of breaches. Why? Too many organizations take too long to deploy those patches -- or never do. That was the case with WannaCry. The ransomware exploited Windows vulnerability MS17-010, which Microsoft disclos...
SecureCore Standard Edition vulnerable to authentication bypass
Overview SecureCore Standard Edition provided by Feitian Japan Co., Ltd. contains an authentication bypass vulnerability CWE-287. Daisuke Ota of BizReach, inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
Linux Kernel IP Vulnerability 2
In the week of July 15th, researcher Juha-Matti Tilli disclosed a vulnerability in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland NCSC-FI, CERT Coordination Center CERT/CC, and Akamai. The vulnerability, CVE-2018-5391, is a resource exhaustion attack...
Securing IT Assets By Prioritizing Protection And Remediation
As hackers get faster at weaponizing exploits for disclosed bugs, InfoSec teams need — more than ever — automated, continuous and precise IT asset inventorying, vulnerability management, threat prioritization and patch deployment. Critical vulnerabilities that linger unpatched for weeks or months...
WannaCry & The Reality Of Patching
Editor's note: For the latest WannaCry information as it relates to Trend Micro products, please read this support article. The WannaCry ransomware variant of 12-May-2017 has been engineered to take advantage of the most common security challenges facing large organizations today. Starting with on...
Rescanning Applications with RIPS
Benefits One of the most important things in modern application development is to think about security in every step of the development lifecycle. Beginning with the start of the development right up until the continued deployment of patches and features - security is important in all stages of a...