Report: Cyberkriminelle lieben ältere Sicherheitslücken | Security https://www.heise.de/news/Report-Cyberkriminelle-lieben-aeltere-Sicherheitsluecken-9236211.html #CyberCrime #PatchManagement #Patchday

En route pour sécuriser son infrastructure IT avec Rudder ! Notre dernière release introduit de nouvelles fonctionnalités pour le patch management, la conformité et plus encore. Lisez notre article sur les nouveautés et les améliorations apportées par Rudder 7.3 👉  https://www.rudder.io/fr/blog/release-7-3/

#patchmanagement #cybersecurity #ITautomation

Es gibt eine neue Episode von Release.Patch.Repeat! 👉🏼 https://release-patch-repeat.letscast.fm/episode/drpr00009-geschwaetzige-saas-plattformen-schon-wieder-esxi

Die nicht ganz freiwilligen Mitwirkenden dieser Ausgabe sind mitteilungsbedürftige SaaS-Plattformen, Cisco, Zyxel, schon wieder ESXi, diverse Trittbretter wie Microsoft PaperCut Server oder Veeam Backup Software und ein Gen-Sequenzer.

#schwachstellen #vulnerabilities #ransomware #trojans #vulnerabilitymanagement #patchmanagement #cyberhygiene #cyberdefense #itsicherheit #itsecurity

The emergency ditching of an Australian military helicopter in the water just off a beach in New South Wales, has been blamed on the failure to apply a software patch☝️👩‍💻 #vulnerability #patchmanagement

https://www.bitdefender.com/blog/hotforsecurity/army-helicopter-crash-blamed-on-skipped-software-patch/?utm_content=buffera6954&utm_medium=social&utm_source=bufferapp.com&utm_campaign=buffer

#Patchmanagement ist schwer
oder "Never change a flying system"? 😜

Australien: Patch für Militärhubschrauber seit 13 Jahren nicht installiert
https://www.heise.de/news/Australien-Patch-fuer-Militaerhubschrauber-seit-13-Jahren-nicht-installiert-8969691.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag

Nach der Osterpause gibt es seit heute wieder eine neue Episode von Release.Patch.Repeat. Die Protagonisten dieser Folge sind unser Lieblingssorgenkind OT, Veritas, Microsoft und USB-Ladebuchsen am Flughafen. Außerdem gibt’s wieder interessante Reports, u. a. von Malwarebytes, Armorblox sowie neue Erkenntnisse zu IPFS Phishing-Kampagnen von Kaspersky

https://release-patch-repeat.letscast.fm/episode/drpr00008-ot-microsoft-und-usb-ladebuchsen

#phishing #vulnerabilities #vulnerabilitymanagement #patching #patchmanagement #itsecurity #cyberhygiene #resilienz

Manage patches for multiple devices and apps from a single console with a centralized patch management system. Improve security, save costs, and ensure compliance. Learn more about the benefits and comparison with decentralized approach with JetPatch. #PatchManagement #ITSecurity https://www.cyber-consult.org/centralized-vs-decentralized-patch-management-benefits-and-comparison/

Hey #fosstodon community, I'm looking for a #foss solution for #patchmanagement on a wide variety of devices (Windows, Linux, iOS, MacOS, Android) that makes sense at the scale of small businesses, anyone have any suggestions?

Attacco ransomware alla Virgin. 10gg senza patch consente a Cl0p di violare 130 organizzazioni

Spesso su queste pagine parliamo di #patchmanagement e di quanto sia importante una sana #adozione di un #processo #militare che sulla base di un preciso controllo degli asset logici e fisici, agisca nel più breve tempo possibile.

In questo articolo scopriremo il perché questo risulta essere essenziale oggi, in quanto la latenza tra la #pubblicazione di un #exploit #PoC di una grave #vulnerabilità e la violazione di una azienda, si riduce sempre di più.

Questa volta si parla di 10 giorni.

#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity

https://www.redhotcyber.com/post/attacco-ransomware-alla-virgin-10gg-senza-patch-consente-a-cl0p-di-violare-130-organizzazioni/

So it looks like #DishNetwork was hit with #Ransomeware. Sounds like a case of poor #patchmanagement with out of date #ESXI servers getting hit. This is why high rated #vulnerabilities need to be fixed or at least remediated ASAP.

#VMWare advised customers of this on February 6. Dish network was hit on the 23rd. A little over 2 weeks later.

Obviously, #cybersecurity is a never-ending battle, and it's hard to keep up, but if the door's lock is broken, you probably want to jump on that.

https://blogs.vmware.com/security/2023/02/83330.html

Product developers, do you want to enhance your product's security and customer experience?

Watch this video on improving product security and customer experience with OTA updates.

Our IoT Technology Strategy Leader Gregg explains how over-the-air updates can update your products seamlessly, without disrupting your customers' daily lives.

Watch now: https://youtu.be/pZUlQL60EA4

#productdevelopment #security #customerexperience #OTAupdates #IoT #firmwareupdates #patchmanagement #embeddedsoftware

Wenn die Vermutungen stimmen, dann ist das ein Beispiel, weshalb Patchmanagement so wichtig ist. #ransomware #patches #patchmanagement #cybercrime #cyberattack #esxi #VMware

https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-205338-1032.html

Vulnerabilities could be chained to execute code https://www.healthcareinfosecurity.com/openemr-flaws-could-allow-attackers-to-steal-data-more-a-21059 Electronic health record patch fixes 3 security flaws that could allow attackers to steal patient data, compromise org's entire IT i. Marianne McGee #healthcaresecurity #cybersecurity #patchmanagement

[#FYSA] [Vuln] Critical Vulnerabilities in #VMware Aria Operations for Logs: VMware released software to remediate four security vulnerabilities affecting #vRealize Log Insight (aka #AriaOperations for Logs) that could expose users to remote code execution attacks.

Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.

https://thehackernews.com/2023/01/vmware-releases-patches-for-critical.html | #infosec #patchmanagement #patchnow #vulnerabilitymanagement

"High-risk vulnerability" first identified in 2015 https://www.govinfosecurity.com/va-hospital-high-risk-vulnerability-unaddressed-for-years-a-20980 VA Hospital 'High-Risk' Vulnerability Unaddressed for Years. Marianne McGee #cybersecurity #patchmanagement

Patch management is an essential security practice to ensure your organization's systems and data remain secure. #PatchManagement #CyberSecurity #ITSecurity By regularly applying patches to your software and infrastructure, you can prevent malware, reduce the risk of data breaches, and protect your systems from attacks. Don't wait, get informed on the benefits of patch management now! #StaySecure #DataSecurity #CyberAwareness

https://redbeardsec.com/the-benefits-of-patch-management-what-you-need-to-know/

#Git patches two critical remote code execution security flaws
 CVE-2022-41903: Heap overflow in `git archive`, `git log --format` leading to RCE

 CVE-2022-23521: When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge.

#github #patchmanagement #vuln

Back to work - as usual. https://www.healthcareinfosecurity.com/microsofts-first-2023-patch-tuesday-fixes-0-day-98-vulns-a-20906 Microsoft first monthly patch dump of the year includes a fix for an actively exploited zero day vulnerability that allows a local attacker to gain full system privileges. Prajeet Nair #cybersecurity #patchmanagement

💻​From #CISA 💻​

CISA added two new #CVEs to its Known Exploitable Catalog
- CVE-2022-41080: Microsoft Exchange Server Privilege Escalation #Vulnerability

- CVE-2023-21674: Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability.

CISA also released 2 Industrial Control Systems Advisories:
 ICSA-23-010-01 Black Box KVM
 ICSA-22-298-07 Delta electronics InfraSuite Device Master (Update A).

#infosec #criticalinfrastructure #cybersecurity #patchmanagement #riskmanagement #industrialcontrols #ICSsecurity

🚀​January 2023 Patch Tuesday addresses a massive 98 fixes!! That included 2 #zeroday flaws but only one of them is known to be actively exploited, which is the critical Windows flaw, tracked as CVE-2023-21674. This flaw allows an attacker with local privileges to elevate to system, the highest level of privileges. It has a CVSSv3 severity score of 8.8 out of 10. https://www.zdnet.com/article/microsofts-first-patch-tuesday-of-2023-delivers-a-massive-98-fixes | #infosec #patchtuesday #patchnow #cybersecurity #patchmanagement