patch
Blog
CrushFTP warns users to patch unauthenticated access flaw immediately
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. As the company also explained in an email sent to customers on Friday (seen by BleepingComputer), the security flaw enables attackers to gain unauthenticated access to unpatched servers if they are exposed on the Internet over HTTP(S). “Please take immediate action to…
Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. The flaw was disclosed yesterday and affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The company fixed it in version 12.3.1 (build 12.3.1.1139), which was released yesterday. According to a technical writeup by watchTowr Labs, who…
For March’s Patch Tuesday, 57 fixes — and 7 zero-days
For so few patches from Microsoft this month (57), we have seven zero-days to manage (with a “Patch Now” recommendation for Windows) and standard release schedules for Microsoft Office, Microsoft browsers (Edge) and Visual Studio. Adobe is back with a critical update for Reader, but it’s not been paired (at least for now) with a Microsoft patch. To navigate what’s…
Apple Has Issued a Security Patch in Response to an ‘Extremely Sophisticated Attack’
Breaking news: Apple has released another security update, and you should install it right away. While it seems like there’s always a new update for us Apple users to install on our devices, this one is a bit more exciting than usual, targeting what the company has described as “an extremely sophisticated attack.”
Apple’s latest security patch
On Tuesday, March…
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claim
Over 200 vulnerable internet-facing Nakivo backup and replication instances have been identified months after the firm silently patched a security flaw without publicly disclosing the issue. Security researchers at watchTowr recently published a report detailing their discovery of an arbitrary file read vulnerability in Nakivo’s central management solution. The report noted that, if exploited, the flaw could enable an attacker…
For February’s Patch Tuesday, Microsoft rolls out 63 updates – Computerworld
Networking and Remote Desktop services
Winsock: Microsoft advises that a multipoint socket (type c_root) is created and employed with the following operations: bind, connect, and listen. The socket should close successfully.
DHCP: Create test scenarios to validate Windows DHCP client operations (discover, offer, request, and acknowledgment (ACK)).
RDP: Ensure that you can configure Microsoft RRAS servers through netsh commands.
ICS: Ensure that Internet Connection Sharing (ICS) can…
Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws
The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware.
February update patches two exploited vulnerabilities
The two exploited vulnerabilities are: CVE-2025-21391,…
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below:
19 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
22…
CISA orders agencies to patch Linux kernel bug exploited in attacks
CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. Tracked as CVE-2024-53104, the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation,” the Android February 2025…
Zyxel won’t patch newly exploited flaws in end-of-life routers
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. VulnCheck discovered the two flaws in July 2024, but last week, GreyNoise reported having seen exploitation attempts in the wild. According to network scanning engines FOFA and…