Are your VMware machines up to date?

Until now, virtualization hadn’t been targeted by cyber attackers with the same vigor as other small- and medium-sized business IT solutions. Whether it was because of the inherent security of virtualization or because of the relatively narrow scope of its adoption, this is no longer the case. VMware, one of the leading virtualization software vendors, […]

WatchGuard Security Week in Review: Episode 60 – Oracle CPU

During a week of such tragedy, it’s hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns.

WatchGuard Security Week in Review: Episode 59 – Android PlaneSploit

Though I’m traveling in Singapore for a security conference, I still found a few spare minutes for my weekly InfoSec news summary. This week I cover some Bitcoin mining malware, CISPA returning from the ashes, some game-related network attacks, and most interestingly, an Android smartphone hacking an airplane. For the details, watch the video below.

Adobe Patch Day: Patches for Flash, Shockwave, and ColdFusion

Today, Adobe released three security bulletins describing vulnerabilities in Flash Player, Shockwave Player, and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

SharePoint Suffers from XSS and Information Disclosure Flaws

Today, Microsoft released two Office-related security bulletins describing vulnerabilities found in SharePoint, SharePoint Foundation, Groove, Office Web Apps, and InfoPath — all part of Microsoft’s Office family of products. Microsoft rates both bulletins as Important. We summarize them below:

Windows Updates Fix Critical RDC Flaw, and More

Today, Microsoft released six security bulletins that describe around ten vulnerabilities affecting Windows or components related to it, such as Remote Desktop Client, Active Directory, and the Antimalware client (part of Windows Defender in Windows 8). Each of these vulnerabilities affects different versions of Windows to varying degrees. A remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates – especially the critical ones – as quickly as possible.

“Use After Free” Flaws: A New Theme for IE Vulnerability

As part of today’s Patch Day, Microsoft released a security bulletin describing two new security vulnerabilities affecting Internet Explorer (IE). Similar to the flaws in last month’s update, both of these vulnerabilities are what developers call “use after free” vulnerabilities – a type of memory corruption flaw that attackers can leverage to execute arbitrary code.

Remote Desktop and IE Updates Top April’s Patch Day List

Unless you’re new to IT, you’re probably aware that today—the second Tuesday of the month—is Microsoft Patch Day. As expected, Microsoft released nine security bulletins today, fixing 13 vulnerabilities across products like Internet Explorer (IE), Windows and its components, SharePoint Server, and a few other Office server products. The two worst updates, both rated Critical, fix security problems in IE and the Remote Desktop Client (RDC) that ships with Windows (specifically, its ActiveX control).