Patch/Configuration Management, Vulnerability Management

On Patch Tuesday, Microsoft warns of zero-day attacks in IE

June 12, 2012

Separate of the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory. The exploits are being launched against Internet Explorer users by tricking them, usually through a legitimate-looking email or instant messenger conversation, to visit a malicious website. Microsoft does not have a patch for the vulnerability, but as part of the advisory, it issued what Microsoft officials call "an effective workaround that stops would-be attackers from taking advantage of the issue via Internet Explorer."

Dan Kaplan

Vulnerability Management

Apple patches TCC bypass vulnerability

SC StaffDecember 19, 2024

The vulnerability, tracked as CVE-2024-44131, was discovered in the FileProvider component and has been fixed in iOS 18, iPadOS 18, and macOS Sequoia 15 through improved validation of symbolic links.

concept of leaky software, data with a tap sticking out.3d illustration

Data Security

Misconfiguration exposes Virtavo security cam user data

SC StaffDecember 18, 2024

Over 8.7 million records, many of which are duplicates, were discovered within the server, including user phone numbers, network information, device identifiers, performance metrics, and other personal details, according to Cybernews researchers.