January 2020 - Page 2 of 3

Microsoft issues security advisory and workaround for Critical IE vulnerability (CVE-2020-0674)

Vulnerabilities & Exploits / Frank Crast / January 20, 2020 / CVE-2020-0674, Enhanced Security Configuration, Internet Explorer, Microsoft, Remote Code Execution

Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.

Microsoft issues security advisory and workaround for Critical IE vulnerability (CVE-2020-0674) Read More »

Google releases Chrome security update (79.0.3945.130)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 18, 2020 / Chrome, CVE-2020-6378

Google has released Chrome 79.0.3945.130 for Windows, Mac and Linux. The update includes 11 security fixes.

Google releases Chrome security update (79.0.3945.130) Read More »

Oracle Critical Patch Update for January 2020

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 16, 2020 / CVE-2020-2546, CVE-2020-2551, CVE-2020-2555, Database, Enterprise Manager, Fusion, Java, MySQL, October 2019 CPU, Oracle

Oracle has released its Critical Patch Update for January 2020 to include 334 vulnerability fixes across multiple products. The company also continues to receive reports of remote attackers attempting to maliciously exploit unpatched vulnerabilities.

Oracle Critical Patch Update for January 2020 Read More »

Microsoft January 2020 Security Updates (includes fix for Windows CryptoAPI vulnerability)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 15, 2020 / .NET, ASP.NET, CryptoAPI, Internet Explorer, Microsoft, OneDrive, RDP

Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch this Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.

Microsoft January 2020 Security Updates (includes fix for Windows CryptoAPI vulnerability) Read More »

VMware patches Workstation Tools vulnerability (CVE-2020-3941)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 15, 2020 / CVE-2020-3941, VMware, Workstation Tools

VMware has released security updates to address a local privilege escalation vulnerability (CVE-2020-3941) in VMware Tools for Windows.

VMware patches Workstation Tools vulnerability (CVE-2020-3941) Read More »

Windows 7 and Windows Server 2008 versions reach end of support

Configuration Management, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 14, 2020 / end of service, EOL, EOS, EOSL, Windows 7, Windows Server 2008

The time has finally arrived. Microsoft Windows 7 and multiple versions of Windows Server 2008 have reached end of support today, January 14, 2020. As a result, customers will no longer receive technical support and software updates for those products as of today.

Windows 7 and Windows Server 2008 versions reach end of support Read More »

WannaCry, Petya and Copycat Ransomware Expose Good History Lessons for Small Business and Enterprise Security

Business Continuity & Resiliency, Cybersecurity Articles, Cybersecurity Attacks, Malware / Frank Crast / January 14, 2020 / Backup, encryption, MS17-010, Petya, Ransomware, WannaCry, Windows 7, Windows Server 2008, Windows XP

On May 12, 2017, the now infamous WannaCry ransomware burst onto the worldwide scene. WannaCry infected over 200,000 systems and 150 countries in just 3 days.

WannaCry, Petya and Copycat Ransomware Expose Good History Lessons for Small Business and Enterprise Security Read More »

Cisco security updates for Webex, IOS and other products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / January 13, 2020 / Cisco, Cisco IOS, CSRF, IP Phone

Cisco has released security updates for Webex, IOS, and other products. Two of the vulnerabilities are rated High severity and should be prioritized.

Cisco security updates for Webex, IOS and other products Read More »

Attackers continue to target unpatched Pulse Secure VPN systems

Network Security, Vulnerabilities & Exploits / Frank Crast / January 11, 2020 / APT, CVE-2019-11510, Juniper, Pulse Security, VPN

The Cybersecurity and Infrastructure Security Agency (CISA) issued a new warning that attackers continue to target unpatched Pulse Secure VPN systems.

Attackers continue to target unpatched Pulse Secure VPN systems Read More »

Juniper Networks security updates for multiple products

Network Security, Vulnerabilities & Exploits / Frank Crast / January 10, 2020 / Juniper

Juniper Networks has released security advisories to fix vulnerabilities on multiple products this week.

Juniper Networks security updates for multiple products Read More »