Experimental News Clipping Site

Tag: patches

  • The Register: February’s Patch Tuesday sees Microsoft offer just 63 fixes

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/12/patch_tuesday_february_2025/ Source: The Register Title: February’s Patch Tuesday sees Microsoft offer just 63 fixes Feedly Summary: Don’t relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don’t get too relaxed – some deserve close attention,…

  • The Register: Apple warns ‘extremely sophisticated attack’ may be targeting iThings

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/11/apple_ios_ipados_patches/ Source: The Register Title: Apple warns ‘extremely sophisticated attack’ may be targeting iThings Feedly Summary: Cupertino mostly uses bland language when talking security, so this sounds nasty Apple has warned that some iPhones and iPads may have been targeted by an “extremely sophisticated attack” and has posted patches that hopefully prevent it.……

  • The Register: Cisco patches two critical Identity Services Engine flaws

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/05/cisco_plugs_two_critical_ise_bugs/ Source: The Register Title: Cisco patches two critical Identity Services Engine flaws Feedly Summary: One gives root access, the other lets you steal info and reconfig nodes, in the right (or should that be wrong) circumstances Cisco has fixed two critical vulnerabilities in its Identity Services Engine (ISE) that could allow an…

  • Hacker News: Securing edge device systems, including firewalls, routers, and VPN gateways

    by

    Kurt Seifried
    in

    Source URL: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4052657/joint-publications-focus-on-mitigation-strategies-for-edge-devices/ Source: Hacker News Title: Securing edge device systems, including firewalls, routers, and VPN gateways Feedly Summary: Comments AI Summary and Description: Yes Summary: The NSA, in collaboration with various international cybersecurity agencies, has published three comprehensive guides focusing on mitigation strategies for edge devices. These guides aim to enhance network security and…

  • The Register: Google: How to make any AMD Zen CPU always generate 4 as a random number

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/04/google_amd_microcode/ Source: The Register Title: Google: How to make any AMD Zen CPU always generate 4 as a random number Feedly Summary: Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Googlers have not only figured out how to break AMD’s security – allowing them to load unofficial microcode into its…

  • The Register: Google patches odd Android kernel security bug amid signs of targeted exploitation

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/04/google_android_patch_netgear/ Source: The Register Title: Google patches odd Android kernel security bug amid signs of targeted exploitation Feedly Summary: Also, Netgear fixes critical router, access point vulnerabilities Google has released its February Android security updates, including a fix for a high-severity kernel-level vulnerability, which is suspected to be in use by targeted exploits.……

  • Hacker News: AMD: Microcode Signature Verification Vulnerability

    by

    Kurt Seifried
    in

    Source URL: https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w Source: Hacker News Title: AMD: Microcode Signature Verification Vulnerability Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security vulnerability in AMD Zen-based CPUs identified by Google’s Security Team, which allows local administrator-level attacks on the microcode verification process. This is significant for professionals in infrastructure and hardware…

  • Bulletins: Vulnerability Summary for the Week of January 27, 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb25-034 Source: Bulletins Title: Vulnerability Summary for the Week of January 27, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2  Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always…

  • The Register: Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/03/backdoored_contec_patient_monitors_leak_data/ Source: The Register Title: Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP Feedly Summary: PLUS: MGM settles breach suits; AWS doesn’t trust you with security defaults; A new .NET backdoor; and more Infosec in brief The United States Food and Drug Administration has told medical facilities…