Urgent Adobe Update

Adobe Releases Critical Updates for Reader and Acrobat Two out-of-band security updates have been released by Adobe, patching critical vulnerabilities in Acrobat and Reader. These updates effect both the Windows and macOS operating systems. The first vulnerability, CVE-2018-16011, is a use-after-free problem which can lead to arbitrary code execution if exploited could permit the execution…

Emergency Fix for IE Zero Day

Microsoft Releases Patch to Address Active Exploit After learning about it from Google, Microsoft has moved to fix CVE-2018-8653. This flaw in Internet Explorer is being actively exploited in the wild. According to the Microsoft release, this remote code execution issue “could corrupt memory in such a way that an attacker could execute arbitrary code…

Google’s Project Zero Discloses Logitech Vulnerability

Logitech’s Logic Called Into Question On December 11, Google’s Project Zero disclosed a vulnerability in Logitech’s Options application. It seems that the application opened a port (10134) to simplify client-server communication. However, this also means that authentication steps would be skipped, creating possible security risks. The researcher who discovered the vulnerability, Tavis Ormandy, suggests that…

Microsoft Re-Releases Windows 10 v1809

Issue-Plagued October Update is Available…again. After being publicly pulled twice, Microsoft is tentatively releasing Windows 10 version 1809 again. To be able to deploy this update now, one would have to manually check systems through Windows Update. It will not be automatically pushed to any devices. Of the 7 issues Microsoft has been tracking, 3…

Equifax Blames One IT Guy for Not Patching

Former Equifax CEO Blames One Employee for Massive Hack After over a year of investigation, the U.S. House of Representatives Oversight and Government Reform Committee have released their report on the Equifax data breach. Their report is scathing, drawing immediate attention to massive failures. The report calls the hack “entirely preventable” and states that there…

December Patch Tuesday: Disclosed & Exploited

Patch Tuesday Release: The Latest News Microsoft has released half the updates they released last month: 39 security patches total. Thee cover Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.  9 of these are listed as Critical with the remaining 30 as Important. Adobe Fixes Many Vulnerabilities…

Prepare for Patch Tuesday!

Do you have a patching strategy? It should include turning off Automatic Windows update. Patch Tuesday is here. To avoid the usual splitting headache, we recommend disabling automatic updates for Windows and implementing a reliable patch strategy. Windows 10 updates whether you want it to or not…unless you know the trick. While we recommend that…

Critical 9.9 Zoom Vulnerability

Exploit Could Install Malware on Desktops Research done by Tenable®, Inc. has revealed a critical vulnerability in Zoom’s Desktop Conferencing Application. Over 750,000 companies use Zoom as their conferencing and webinar platform. This exploit could be leveraged to spoof chat messages, remove and lock out conference attendees, and even bypass screen control permissions to execute…

December Third-Party Security Updates

Business Evolves with Technology Recently, Forbes outlined 5 ways retail is attempting to redefine itself. Overall, businesses are experimenting with new technologies, utilizing IoT devices to craft a more engaging shopping experience. But are they exposing themselves to security risks? “Smart IoT devices such as beacons and smart shelves offer retail companies the efficiency to…