Patch/Configuration Management

SolarWinds patches critical RCE vulnerability in its Web Help Desk

Shaun NicholsAugust 16, 2024

Administrators ready to take an early weekend have been served with what might be the scariest three words in IT: Critical SolarWinds Vulnerability.

Encrypted authentication logs with detection alerts, cybersecurity, detection

Identity

Microsoft Entra ID bug lets attackers impersonate any synched user

Steve ZurierAugust 16, 2024

Security pros say the Entra ID flaw could let attackers impersonate a user with Global Admin privileges, even the CEO.

Vulnerability Management

Patchless patching, IPv6-enabled RCE, room searches at DEF CON, and Moon GPS – ESW #372

August 15, 2024

This week, we discuss a marketing campaign that caught Darwin's eye at the Black Hat expo: patchless patching. Then, Darwin recounts his experiences at the Innovators and Investors Summit. We discuss the potential impact of a critical Windows vulnerability that supposedly allows RCE via IPv6 packets! Microsoft continues to stumble, deepening trus...

A SolarWinds sign sits on top of an office building.

Vulnerability Management

Critical SolarWinds Web Help Desk flaw addressed

SC StaffAugust 15, 2024

All but the latest version of the SolarWinds Web Help Desk software used by healthcare and government organizations, as well as corporations for optimizing help desk tasks are affected by the security issue, tracked as CVE-2024-28986.

Today’s columnist, Ashley Leonard of Syxsense, shares a four-step patching strategy in the wake of the CrowdStrike incident. (Adobe Stock)

Patch/Configuration Management

In the wake of the CrowdStrike outage, here’s a workable four-step patching strategy

Ashley Leonard August 15, 2024

The CrowdStrike incident highlighted the dangers of auto-updates – here’s how to set up a test lab for a patching strategy that will keep the organization safe.

Vulnerability Management

Attacks leveraging Windows SmartScreen bypass flaw deployed since March

SC StaffAugust 14, 2024

Intrusions exploiting the flaw, which has been patched but not detailed as part of the June Patch Tuesday update, could be launched remotely by attackers who have obtained interactions from targeted users, according to Microsoft.

Microsoft is a multinational technology company, known for its software products

Vulnerability Management

Microsoft patches 9 zero-days, 6 exploited in the wild

Steve ZurierAugust 13, 2024

In addition to Microsoft patches, Adobe also addressed 71 CVEs across its products.

Vulnerability Management

DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet… – SWN #406

August 13, 2024

DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet, and more, on this Edition of the Security Weekly News.

Patch/Configuration Management

Page 7. Back to first page.

Related Videos

A couple simple steps companies can take to protect their systems from ransomware

SolarWinds patches critical RCE vulnerability in its Web Help Desk

Microsoft Entra ID bug lets attackers impersonate any synched user

Patchless patching, IPv6-enabled RCE, room searches at DEF CON, and Moon GPS – ESW #372

Critical SolarWinds Web Help Desk flaw addressed

In the wake of the CrowdStrike outage, here’s a workable four-step patching strategy

Attacks leveraging Windows SmartScreen bypass flaw deployed since March

Microsoft patches 9 zero-days, 6 exploited in the wild

DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet… – SWN #406