Frank Crast

Frank Crast

Microsoft May 2020 Security Updates (16 Critical vulnerabilities fixed)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 13, 2020 / .NET, .NET Core, Autodesk, ChakraCore, CVE-2020-1023, CVE-2020-1024, CVE-2020-1028, CVE-2020-1037, CVE-2020-1062, CVE-2020-1064, CVE-2020-1065, CVE-2020-1069, CVE-2020-1093, CVE-2020-1102, CVE-2020-1117, CVE-2020-1126, CVE-2020-1136, CVE-2020-1153, Edge, Internet Explorer, Microsoft Dynamics, OpenSSL, Power BI, Visual Studio, Windows Defender

Microsoft released the May 2020 Security Updates that includes 111 unique vulnerability fixes, 16 of those rated critical.

Microsoft May 2020 Security Updates (16 Critical vulnerabilities fixed) Read More »

Frank Crast

SaltStack, multiple vendors fix Critical vulnerabilities in Salt

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 12, 2020 / CVE-2020-11651, CVE-2020-11652, Debian, F-Secure, OpenSUSE, Salt, Salt Stack, VMware

In case you missed it last week, SaltStack released security updates to fix two critical Salt vulnerabilities. Multiple vendors that integrate Salt into their products have also released patches or workarounds to address the flaws.

SaltStack, multiple vendors fix Critical vulnerabilities in Salt Read More »

Frank Crast

vBulletin patches Critical ‘incorrect access control’ vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 11, 2020 / CVE-2020-12720, Palo Alto Networks, vBulletin

Popular internet forum software maker vBulletin has patched a Critical vulnerability that affects multiple vBulletin 5 versions.

vBulletin patches Critical ‘incorrect access control’ vulnerability Read More »

Frank Crast

Snake ransomware campaign targets healthcare companies

Cybersecurity Attacks, Malware / Frank Crast / May 8, 2020 / Ekans, Europe, Fresenius, healthcare, Ransomware, Snake

A large Snake ransomware campaign has targeted healthcare companies worldwide. One of the victims include Fresenius, Europe’s largest private hospital operator and leading healthcare company based out of Germany.

Snake ransomware campaign targets healthcare companies Read More »

Frank Crast

Cisco releases 12 High severity advisories for multiple products

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 8, 2020 / ASA, Cisco, CVE-2020-3125, CVE-2020-3179, CVE-2020-3187, CVE-2020-3189, CVE-2020-3191, CVE-2020-3195, CVE-2020-3196, CVE-2020-3254, CVE-2020-3255, CVE-2020-3259, CVE-2020-3283, CVE-2020-3298, Firepower, FTD

Cisco has released 12 High severity security advisories for Cisco Adaptive Security Appliance (ASA) Software and Firepower products. In addition, a security fix was also released to address a Snort HTTP detection engine file policy bypass Vulnerability.

Cisco releases 12 High severity advisories for multiple products Read More »

Frank Crast

Mozilla releases Firefox 76 with new account password protections and security updates

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 6, 2020 / CVE-2020-12387, CVE-2020-12388, CVE-2020-12395, Firefox, Firefox 76, Mozilla

The Mozilla Foundation has released Firefox 76 with new security protections for online account logins and passwords. The update also includes fixes for multiple vulnerabilities.

Mozilla releases Firefox 76 with new account password protections and security updates Read More »

Frank Crast

Google releases Chrome security update (81.0.4044.138)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 6, 2020 / Android, Chrome, Chrome 81, CVE-2020-6464, CVE-2020-6831

Google has released Chrome 81.0.4044.138 for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.

Google releases Chrome security update (81.0.4044.138) Read More »

Frank Crast

Microsoft releases Zero Trust guidance for Azure AD

Cloud Security, Cybersecurity Articles, Identity & Access Management / Frank Crast / May 3, 2020 / Active Directory, Azure, Zero Trust

Microsoft has released new Zero Trust guidance for Azure Active Directory (Azure AD). The guidance is part of a broader “Zero Trust Security Strategy” to help organizations provide more secure access to corporate resources.

Microsoft releases Zero Trust guidance for Azure AD Read More »

Frank Crast

Alert: Weblogic vulnerability exploited in the wild (apply April CPUs without delay)

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / May 3, 2020 / CVE-2020-2883, Fusion, Oracle, WebLogic

Oracle released a new warning that a previously patched Weblogic vulnerability CVE-2020-2883 is being exploited in the wild. The company further urged organizations should apply April CPUs without delay.

Alert: Weblogic vulnerability exploited in the wild (apply April CPUs without delay) Read More »

Frank Crast

Cisco patches IOS XE SD-WAN software command injection vulnerability

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 1, 2020 / Cisco, CVE-2019-16009, CVE-2019-16011, iOS, IOS XE, Networking, SD-WAN

Cisco has released a High severity security update that fixes an IOS XE SD-WAN software command injection vulnerability CVE-2019-16011.

Cisco patches IOS XE SD-WAN software command injection vulnerability Read More »