PaperCut, maker of print management solutions, has urged product users to update as soon as possible. A security vulnerability which exploits unpatched servers has been seen in the wild, with serious ramifications for any organisation impacted. Two specific vulnerabilities are at the heart of this alert, and are ranked with severity scores of 9.8 (criti

It’s time for a reminder to ensure all of your WordPress plugins are fully up to date (or removed, if you don't need them). Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn't doing particularly well, with a big slice of site o

Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well known titles, although for the time being it seems as though customer data isn't affected. A social engineering development Making the notification via Twitter late last week, we’re still waiting on the full story as an investigation tak

A fix for a critical issue in OpenSSL is on the way, announced in advance of its release on November 1, 2022, in a four hour window between 13:00 UTC and 17:00 UTC. The release, version 3.0.7, will address a critical vulnerability for all versions of the software starting with a 3. Versions starting with a 1 are unaffected. A separate release for that branch

In the cybersecurity field, large databases of known threats and vulnerabilities have often been an essential resource. These catalogs show you where to focus your efforts. They’re also a good tool for prioritizing patches to increase security and mitigate the risk of disaster. As a result, these databases need to be reliable and up-to-date and use th

Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to a smaller staff that doesn’t have the time to do everything that is recommended or even required. Often security issues are just dealt with whe

p>GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an organisation’s codebase to be mirrored on the devices of anyone

If you’re running Windows 10, it’s time to stop delaying those patches and bring your systems up to date as soon as possible. Bleeping Computer reports that a researcher has come up with a bypass for an older bug, which could serve up some major headaches if left to fester. Those headaches will take the form of unauthorised admin privileges in Windows 10,

In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150 countries in just 24 hours. And it could have been solved with a patch that was released nearly two months prior. This was the WannaCry ransomware attack, and its final, economic impact—in ransoms paid but also in downtime and rec

byPaul DucklinSoftware patches are sometimes a bit like buses.You don’t get one for a while, and then three come at once.For buses on busy urban routes, at least, the explanation of the phenomenon goes something like this.If three buses start out travelling the same route together in a nicely spaced sequence, then the first one is most likely to be the

Last week we wrote about PrintNightmare, a vulnerability that was supposed to be patched but wasn’t. After June’s Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Yesterday, Microsoft issued a set of out-of-band patches that sets that aims to set that right by fixing the Window

byPaul DucklinWe’ve seen several news stories talking up some great new features in Apple’s latest software update for iOS, which was released yesterday.However, we’re much more interested in the security patches that arrived in the update to iOS 14.6, because Apple fixed 38 significant bugs, covered by 43 different CVE bug numbers.For what

byPaul DucklinAlmost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code.Patch now, we said.And we’re saying it again, following Google’s otherwise cheery release of version 89.0.4389.72:The Chrome team is delighted to announce t

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vu

In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as to not to get caught behind the times and therefore exposed.How to Make Sure You’ve Got the Momentum You NeedI’d li