Security news aggregator

Latest coverage for Patch

Patch management fixes known software flaws before attackers exploit them, reducing intrusion risk; prioritize critical systems and verify deployment.

20 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Patch is a software, firmware, or configuration update that fixes a defect, including a vulnerability an attacker could use to gain access, execute code, escalate privileges, or expose data. Patching reduces the exploitable attack surface across operating systems, applications, network devices, and embedded systems; it does not remove risk from unsupported or misconfigured assets, and updates can sometimes introduce compatibility or availability problems.

Effective patch management starts with an accurate inventory and vulnerability assessment, then prioritizes internet-facing systems, high-impact assets, and flaws known to be exploited. Organizations should test updates where practical, deploy them within defined time limits, verify installation, and retain rollback or compensating controls when immediate patching is unsafe. Monitoring vendor advisories and threat intelligence can identify urgent fixes, while documenting exceptions and coverage supports vulnerability management and audit requirements.

Showing 20 most recent headlines Filtered view
Bank Info Security 2 years, 1 month ago

Surge in Attacks Against Edge and Infrastructure Devices

Increase in Known Vulnerabilities and Zero-Days Is Fueling Mass Hacking CampaignsAttackers are increasingly targeting cybersecurity devices deployed on the network edge to pivot into enterprise environments, as they take advantage of a surge in zero-day and known vulnerabilities in such devices, which organizations can take months to patch.

Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager ProductSecurity researchers have discovered another major vulnerability in Ivanti’s widely-used endpoint management system that can allow hackers to gain remote access for multiple devices at the same time, just months after the company patched a separate SQL injection flaw in the same product.

Bank Info Security 2 years, 1 month ago

Breach Roundup: US Federal Cyber Incidents Go Up

Also: Ukraine Arrests Alleged Ransomware Developer; Patches Galore; and BurnoutThis week, feds counted cyber incidents; Ukraine made arrest; BlackBasta seemed to exploit flaw; 51 flaws in Patch Tuesday; SolarWinds, JetBrains patched flaws; Alan Turning Institute debunked paper on AI; Santander wants password changes; Christie's spoke of data breach and cyber pros face burnout.

Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack Patch Tuesday Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products – including one bug deemed critical, a fairly terrifying one in wireless networking, and one listed as publicly disclosed.…

Bank Info Security 2 years, 1 month ago

Ransomware Gang TellYouThePass Exploits PHP Vulnerability

Flaw Allows Unauthenticated Attackers to Execute Arbitrary CodeA ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical severity vulnerability in scripting language PHP. The TellYouThePass ransomware group sees opportunity whenever system administrators must scramble to patch systems.

Bank Info Security 2 years, 1 month ago

Dutch Agency Renews Warning of Chinese Fortigate Campaign

Chinese Cyber Espionage Campiagn Is 'Much Larger Than Previously Known'Chinese hackers breached thousands of vulnerable Fortigate network security appliances in a cyber-espionage campaign "much larger than previously known," a Dutch cybersecurity agency warned Tuesday. Even fully patched FortiGate devices may still be infected.

Krebs on Security 2 years, 1 month ago

Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.