patch management Archives - Page 2 of 3

Pierluigi Paganini September 06, 2015

Fiat Chrysler distributes the fix for flawed Jeep via mailed USB

The decision of Fiat Chrysler for providing a software update via Mailed USB is considered disconcerting for the security industry. Do you remember the hack of the Fiat Chrysler Jeep? In response to the disclosure of the details of the successful attack, the company recalled nearly 1.4 vehicles in the US in order to update the firmware running […]

Pierluigi Paganini March 06, 2015

Cleaning up the Cyber Mess: Adopting Cyber Hygiene principles

The increasing number of cyber incidents along with a significant improvement of TTP adopted by threat actors requests the adoption of a cyber hygiene. The rate of data breaches are increasing drastically throughout the year. Cyber-attacks could cause severe disruption to a company’s business functions or operational supply chain, impact reputation, compromise customer information or […]

Pierluigi Paganini January 14, 2015

Over 930 million Android phones are out of official Google security patch support

Google is not able to direct control the distribution of bug patches for its devices, and 60 percent of Android phones is exposed to security risks. The security expert Todd Bearsley published an interesting blog post on Rapid7 Security Street blog explaining that the Metasploit framework currently includes 11 different exploits for WebView. “WebView is the core component […]

Pierluigi Paganini August 19, 2014

Microsoft confirmed that a faulty patch is causing BlueScreen

Microsoft is investigating on potentially faulty Windows security update that is causing some systems to crash with bluescreen error. Last Friday, Microsoft urged its users to uninstall the latest security updates issued by the company because they are causing the unpleasant bluescreen, also know as “Blue Screens of Death” or BSoD. Microsoft released its usual […]

Pierluigi Paganini June 19, 2014

Security issues found in USCIS RFID Card production system

The system used to produce RFID identification cards including permanent resident IDs by the USCIS has a number of serious security issues. A report from the Office of the Inspector General (OIG) at DHS titled “Radio Frequency Identification Security at USCIS Is Managed Effectively, But Can Be Strengthened” confirms the presence of serious security issues in the […]

Pierluigi Paganini March 29, 2014

Reading the Global Threat Intelligence Report (GTIR)

The Global Threat Intelligence Report (GTIR) addresses the security challenges of organizations globally analyzing 3 billion worldwide attacks occurred in 2013. The NTT Innovation Institute has released the new Global Threat Intelligence Report (GTIR), a document structured to raise awareness of the rapidly evolving global threat landscape. The GTIR was based on threat intelligence and attack data from […]

Pierluigi Paganini March 24, 2014

Cisco on large-scale attacks against unpatched or not updated servers

Cisco observed 400 hosts were infected on daily base and more than 2,700 URLs have been used in a multistage attack against websites running older OS versions. In the last months a growing number of large-scale attacks hit systems all over the world, many of them, like the Snake campaign, are attributable to state-sponsored hackers […]

Pierluigi Paganini February 28, 2014

Secunia analyzed vulnerabilities in the Top 50 portfolio products

Secunia’s Vulnerability Review 2014 provides an interesting analysis of the number of vulnerabilities in the Top 50 portfolio products. The Secunia Vulnerability Review provides a vision on global vulnerability trends, evaluating carefully the 50 most popular programs on private PCs. These programs are practically everywhere, in many cases, they are key application for ordinary IT […]

Pierluigi Paganini February 02, 2014

Critical vulnerabilities in Oracle servers in the wild

Researcher Dana Taylor is warning on the existence of two critical vulnerabilities in Oracle servers in the wild since a long time. Two serious vulnerabilities affect Oracle’s older database packages, allowing an attacker to remotely access a server bypassing authentication mechanism. Exploiting the flaws the attackers can browse the filesystem of the server accessing any files. […]

Pierluigi Paganini January 29, 2014

Discovered a serious vulnerability in Mozilla Thunderbird

A serious vulnerability inside Mozilla Thunderbird Gecko engine allows hackers to insert malicious code into Emails to exploit recipient browser. A critical vulnerability affects the email client Mozilla Thunderbird 17.0.6, the popular application has a validation and filter bypass vulnerability that could be exploited by hackers to bypass the filter that prevents HTML tags from being used in […]