Security Patch Management
- March 25, 2015
Secunia's 2015 Vulnerability Report shows that better vulnerability reporting and awareness of flaws doesn't necessarily mean vendors offer more patches or focus on the most critical issues.
- March 16, 2015
Update: Microsoft has re-released Enhanced Mitigation Experience Toolkit version 5.2 to correct a bug involving IE 11.
- March 10, 2015
Microsoft's March 2015 Patch Tuesday bulletins include a fix for the FREAK vulnerability, as well as five critical fixes, but surprisingly, an expert says one of the fixes deemed non-critical actually demands immediate attention.
- March 05, 2015
The serious HTTPS FREAK exploit was thought to only affect Android, iOS, and MacOS, but Microsoft has confirmed that it also affects all supported versions of Windows.
- February 25, 2015
Google's Project Zero has added more leeway to its vulnerability disclosure policy, but industry observers are split on whether 90 days is enough time to fix software flaws, or not enough time to manage a sensitive, resource-intensive process.
- February 10, 2015
Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw.
- February 06, 2015
News roundup: With the proposed 2016 federal budget and push for a national data breach law, Washington may finally care about cybersecurity. Plus: Coviello to retire; Flash patched again; Sony Pictures breached by Russians and loses its co-chair.
- February 02, 2015
Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.
- January 30, 2015
News roundup: YouTube announced it has stopped using Flash by default in favor of HTML5. Is this the long-awaited end for Flash? Plus: Java was the riskiest software in 2014; BEC scam cost $215 last year; NFL data interceptions.
- January 26, 2015
Adobe's latest Flash zero day patch came Saturday, just two days after reports that the vulnerability was being exploited by drive-by-download attacks.