amd set to patch 13 vulnerabilities disclosed by cts labs - Search




amd set to patch 13 vulnerabilities disclosed by cts labs


after being blindsided by a set of vulnerability reports that were disclosed without giving amd time to analyze, the silicon vendor has now provided a technical assessment.






32 zero-day vulnerabilities disclosed at mobile pwn2own 2017


the second day of this year's mobile pwn2own hacking contest on nov. 2 brought with it more exploits, including the longest exploit chain ever seen at a pwn2own event. mobile pwn2own 2017 ran from nov. 1-2 in tokyo and resulted in the disclosure of 32 vulnerabilities involving apple, samsung and huawei mobile devices. by the end of the two-day event, trend micro's zero day initiative (zdi), which runs the pwn2own contest, had awarded a grand total of $515,000 in prize money for the successfully demonstrated exploits. zdi has privately disclosed all of the vulnerabilities to the impacted vendors so the issues can be patched. a highlight of the event was a remarkably sophisticated and elaborate exploit demonstrated by mwr labs against the samsung galaxy s8 and its default internet browser. rat






top five ways critical security flaws remain unpatched in it systems


despite the known risks of software vulnerabilities, most companies have unpatched security flaws in their infrastructure. in its 2017 state of software security report, software testing firm veracode found that only 14 percent of high-severity vulnerabilities are patched in the first month after discovery. more than three-quarters of all applications tested by the firm have at least one vulnerability when initially tested. companies need to focus on tracking the software used in their environment and keep up-to-date on the security risks found in that software, said chris eng, vice president of research for veracode. "software is being built with whatever version is available at the time, and that is not patched until an emergency happens," he said. "there are always going t






google patches 105 vulnerabilities in android march update


google is updating android with its third security patch update for 2017, providing fixes for 105 vulnerabilities. the march 2017 patch count represents a dramatic increase over the 19 flaws that google patched in its android march 2016 update a year ago. to date in 2017, google has provided its android users with patches for 253 vulnerabilities, with 90 in january, 58 in february and now 105 updates in march. looking specifically at the 35 critical updates addressed by google in the march 2017 update, the usual suspects are once again well represented. since google's very first android security update in august 2015, the mediaserver component has been appearing in security updates and the march 2017 update is no exception. nine of the critical flaws in the new update are remote code execu












oracle issues its largest critical patch update ever


oracle released its largest security update ever on april 18, providing fixes for 299 vulnerabilities across oracle's software portfolio. the previous record for oracle vulnerabilities fixed in a single update was 276 patches in the july 2016 critical patch update. oracle patched 270 vulnerabilities in its january 2017 update, bringing the total number of vulnerabilities patched this year to 569. while the total number of vulnerabilities patched this month is somewhat surprising, there are other surprises as well. "the fact that we’re still addressing vulnerabilities associated with struts v1 and apache commons years after the issues were first raised is surprising and troubling," john matthew holt, waratek cto, told eweek. "the struts 2 patch is less surprising since it was just announced






oracle patches peoplesoft for critical tuxedo vulnerabilities


oracle generally only issues security patches for its applications as part of a quarterly critical patch update (cpu), but that isn't the case with a set of critical flaws in the tuxedo application. oracle issued an emergency patch for five issues in tuxedo on nov. 14, that abuse the jolt protocol and could leave enterprises at risk. the security issues were first privately disclosed to oracle by security firm erpscan, which only publicly provided the technical details of the flaw in a talk at the deepsec conference in vienna, austria on nov. 16. erpscan has dubbed the flaw, "joltandbleed" as a reference to the openssl heartbleed vulnerability that enabled a similar kind of leakage in encrypted ssl/tls traffic. "this security alert addresses cve-2017-10269 and four other vulnerabilities affe






amd hits a snag over patch for chip flaw


days after advanced micro devices inc. suggested its chips were largely unaffected by significant vulnerabilities found in a variety of processors, the rival to intel corp. has run into trouble. microsoft corp. on tuesday said some customers found their amd-powered computers were unusable after applying the latest security patches for the windows operating system. on an online support page, microsoft said it would “temporarily pause” sending updates to some devices running amd processors. after investigating, the software giant said it found “some amd chipsets do not conform to the documentation previously provided to microsoft.” intel’s shares sank in the two days after the chip vulnerabilities were disclosed last week, while amd shares are up more than 15% since jan.












microsoft adds intel firmware fix to meltdown and spectre patch


microsoft has resumed issuing patches to fix meltdown and spectre cpu vulnerabilities in pc cpus after the software giant and its hardware partners have had time to evaluate the best ways to fix what proved to be a complex cyber-security problem. like most major software vendors, microsoft rushed to update its windows operating systems after the software giant was notified of the vulnerabilities in modern-day computer processors. that’s because it was clear after the vulnerabilities were disclosed in the early days of 2018 that they can undermine some of the most fundamental data protection mechanisms found in today's cpus, including those from intel, advanced micro devices (amd) and arm. meltdown and spectre essentially dissolve the barriers that prevent applications and attackers fr






oracle patches 237 vulnerabilities as cryptocurrency attacks grow


oracle has released its january critical patch update, fixing 237 vulnerabilities across the company's product portfolio. the update, released on jan. 16, comes as cryptocurrency miner attackers take aim at vulnerabilities that oracle patched in its october 2017 cpu. the january 2018 cpu addresses myriad security vulnerabilities, including ones affecting database, middleware, java, peoplesoft, siebel and e-business suite applications. of particular note, oracle's january cpu includes patches for the meltdown (cve-2017-5754) and spectre (cve-2017-5753 and cve-2017-5715) processor vulnerabilities that were disclosed on jan. 3. other issues patched by oracle in the january cpu include a pair of critical vulnerabilities (cve-2018-2655 and cve-2018-2656) in the oracle e-business suite (ebs) that






nvidia ceo clarifies its gpus are ‘absolutely’ immune to meltdown and spectre


nvidia issued a security bulletin on tuesday detailing updates it made to its driver software to address the so-called meltdown cpu vulnerability revealed by google’s project zero. the bulletin was misinterpreted by some outlets as an admission that nvidia’s gpus were also affected. “our gpus are immune, they’re not affected by these security issues,” nvidia ceo jensen huang said during a general press q&a this morning. “what we did is we released driver updates to patch the cpu security vulnerability. we are patching the cpu vulnerability the same way that amazon, the same way that sap, the same way that microsoft, etc are patching, because we have software as well.” huang explained that anyone running any kind of software has to patch that software for the cpu vulnerabilities discovered b






cygilant launches new vulnerability, patch management cloud service


cygilant explains its mission with an unusual name. it is a combination of “cyber” and “vigilant,” so one can ascertain with a fair amount of accuracy what it does. specifically, cygilant provides security as a cloud-based service; it added to its product line oct. 24 by launching a new combined vulnerability and patch management subscription package. this approach—which the company describes as “industry-first”—to vulnerability and patch management is now available to companies that have invested in the qualys, rapid7 or tenable vulnerability management platforms but don’t have the resources to prevent breaches from known exploitable vulnerabilities or unpatched systems. this security issue has been prominent in the news recently. enterprises effectively utilizing vulnerability and patch ma






ibm reports that total number of disclosed vulnerabilities grew in 2016


2016 was a particularly active year for cyber-security—that is if you look at it in terms of breached records and disclosed vulnerabilities. ibm released its x-force threat intelligence index 2017 on march 29, reporting a record high number of disclosed software vulnerabilities and breached data records. since 1997, ibm's x-force vulnerability database has been tracking public disclosures of software vulnerabilities. in 2016, ibm tracked 10,197 software vulnerabilities, marking a new record high and the first time the number has ever exceeded 10,000. adding insult to injury, ibm reported that more than 4 billion data records were lost in data breaches, marking a 566 percent year-over-year increase in the total number of data records that were compromised. while the number of data records l






what you need to know about amd's vulnerability report


using a computer, you usually expect that threats will come mostly at the software level. it doesn’t even cross our minds to think that the hardware itself can be a conduit to viruses and other sorts of nasty malware. the truth is that hackers will take any chance they can get to infiltrate your system, and cpus can play a role in that. at the beginning of 2018, intel’s cpus were revealed to have a set of vulnerabilities known as meltdown and spectre. just a few months later on march 14 of the same year, another set of vulnerabilities in amd’s latest line of processors was discovered by a company called cts-labs. this time, however, the way the reports were handled was a bit more unorthodox. the vulnerabilities: the list of thirteen vulnerabilities discovered by cts-labs can be seen summarized






oracle drops massive 299 vulnerability patch, fixes shadow broker exploit


oracle has released a patch that fixes a total of 299 vulnerabilities, breaking the firm's previous record in july that resolved a total of 276 security flaws. on wednesday, the software giant issued a security advisory, which documented 299 security fixes for software in most of the company's product families including oracle database server, fusion middleware, enterprise manager base platform, peoplesoft enterprise, and java, among others. the majority of the fixes are for oracle financial services, retail, communications, and mysql software. as noted by qualys, the vulnerabilities found within these families can be exploited remotely via http to completely hijack vulnerable systems. in total, oracle has patched a total of 39 mysql and 39 oracle retail bugs and 47 fina






oracle drops massive 299 vulnerability patch, fixes shadow broker exploit


oracle has released a patch which fixes a total of 299 vulnerabilities, breaking the firm's previous record in july which resolved a total of 276 security flaws. on wednesday, the software giant issued a security advisory which documented 299 security fixes for software in most of the company's product families including oracle database server, fusion middleware, enterprise manager base platform, peoplesoft enterprise and java, among others. the majority of the fixes are for oracle financial services, retail, communications, and mysql software. as noted by qualys, the vulnerabilities found within these families can be exploited remotely via http to completely hijack vulnerable systems. in total, oracle has patched a total of 39 mysql and 39 oracle retail bugs, 47 financial servic






amd investigating report alleging 13 critical cpu vulnerabilities


security researchers from cts labs released a report on march 13 that claims advanced micro devices cpus are at risk from 13 critical flaws that can endanger users and organizations. the flaws impact amd's epyc, ryzen, ryzen pro and ryzen mobile processors and have been dubbed ryzenfall, masterkey, fallout and chimera by cts labs. there currently are no publicly available patches for the issues, due in part to the fact that cts labs provided little time for amd to respond. meanwhile, some security researchers are disputing the severity of the flaws, given that they require administrative access to systems. "at amd, security is a top priority and we are continually working to ensure the safety of our users as new risks arise," amd wrote in a statement sent to eweek. "we are investigating this






patching could have stopped most breaches, study finds


approximately 80 percent of companies that had either a breach or a failed audit could have prevented the issue with a software patch or a configuration change, according to a security-automation survey of 318 firms. the survey, conducted by research firm voke media in late 2016, found that 27 percent of companies reported a failed audit in the prior 18 months, of which 81 percent could have been prevented with a patch or configuration change. similarly, 26 percent reported a breach, of which 79 percent could have been prevented with those two measures. nearly half—46 percent—of companies took longer than 10 days to remediate vulnerabilities and apply patches. those patch or configuration-change backlogs are a critical issue for businesses, said theresa lanowitz, the founder and ceo of vok












malware samples for meltdown, spectre vulnerabilities continue to grow


the meltdown and spectre cpu vulnerabilities were first publicly disclosed four weeks ago on jan. 3, triggering a panicked volume of patching by both silicon and software vendors. but what actually is the risk and are there any known malware attacks that are exploiting the meltdown and spectre vulnerabilities today? first the bad news, there are in fact publicly reported instances of malware samples that attempt to exploit the meltdown and spectre vulnerabilities. security testing firm av-test reported on feb. 1 that to date it has seen 139 malware samples related to meltdown and spectre. the good news though is that there currently are not any widespread publicly disclosed malware attack campaigns that are using the meltdown or spectre vulnerabilities and multiple security vendors have acti






zealot attack uses apache struts, nsa exploits to mine crypto-currency


network security vendor f5 has discovered a new attack that makes use of known vulnerabilities including the same apache struts vulnerability linked to the equifax breach to mine the monero cryptocurrency. f5's threat researchers have dubbed the campaign "zealot", which is also the name of a file that is part of multi-stage attack. the zealot files include python scripts that trigger the eternalblue and eternal synergy exploits that were first publicly disclosed by the shadow brokers hacking group and were allegedly first created by the u.s. national security agency (nsa) linked equation group. "the number of infected machines isn’t known, but any machine vulnerable to apache struts 2 jakarta multipart parser flaw (cve-2017-5638) can potentially be infected," liron segal, f5 labs researcher,






malware samples for meltdown, spectre vulnerabilities continue to grow


the meltdown and spectre cpu vulnerabilities were first publicly disclosed four weeks ago on jan. 3, triggering a panicked volume of patching by both silicon and software vendors. but what actually is the risk and are there in fact malware attacks that are using the meltdown and spectre vulnerabilities today? first the bad news, there are in fact publicly reported instances of malware samples that attempt to exploit the meltdown and spectre vulnerabilities. security testing firm av-test reported on feb. 1 that to date it has seen 139 malware samples related to meltdown and spectre. the good news though is that there currently are not any widespread publicly disclosed malware attack campaigns that are using the meltdown or spectre vulnerabilities and multiple security vendors have active dete






microsoft says users are protected from alleged nsa malware


paris — up-to-date microsoft customers are safe from the purported national security agency spying tools dumped online, the software company said saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet. in a blog post, microsoft security manager phillip misner said that the software giant had already built defenses against nine of the 12 tools disclosed by theshadowbrokers, a mysterious group that has repeatedly published nsa code. the three others affected old, unsupported products. “most of the exploits are already patched,” misner said. the post tamped down fears expressed by some researchers that the digital espionage toolkit made public by theshadowbrokers took advantage of undisclosed vulnerabilities in microsoft’s code. that would have been






microsoft says users are protected from alleged nsa malware


paris (ap) — up-to-date microsoft customers are safe from the purported national security agency spying tools dumped online, the software company said saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet. in a blog post, microsoft corp. security manager phillip misner said that the software giant had already built defenses against nine of the 12 tools disclosed by theshadowbrokers, a mysterious group that has repeatedly published nsa code. the three others affected old, unsupported products. “most of the exploits are already patched,” misner said. the post tamped down fears expressed by some researchers that the digital espionage toolkit made public by theshadowbrokers took advantage of undisclosed vulnerabilities in microsoft’s code. that wou






microsoft says users are protected from alleged nsa malware


paris — up-to-date microsoft customers are safe from the purported national security agency spying tools dumped online, the software company said saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet. in a blog post, microsoft corp. security manager phillip misner said that the software giant had already built defenses against nine of the 12 tools disclosed by theshadowbrokers, a mysterious group that has repeatedly published nsa code. the three others affected old, unsupported products. "most of the exploits are already patched," misner said. the post tamped down fears expressed by some researchers that the digital espionage toolkit made public by theshadowbrokers took advantage of undisclosed vulnerabilities in microsoft's code. that would ha






telepresence robot patched after rapid7 discloses iot security risks


once again, the security risks associated with internet of things (iot) connected devices are being scrutinized, as rapid7 has publicly disclosed multiple vulnerabilities in double robotics devices. double robotics, a vendor of mobile telepresence robots that help to enable people to communicate in an innovative way, has already patched two out of the three security issues that rapid7 has responsibly disclosed. rapid7 first reported the vulnerabilities to double robotics on jan. 9. to its credit, double robotics moved rapidly to address the vulnerabilities and had patches out on jan. 16. "even though these issues are fixed, we disclose issues like these primarily so other developers out there can learn about common gotchas that might be relevant to their projects," deral heiland, iot resea












outdated operating systems, browsers put many organizations at risk


the easiest way to improve a device's security is to make sure it's using the latest version of its operating system, browser, and other software. updates often patch known vulnerabilities or bolster an app's defenses. but a new report from bitsight, the self-described "standard in security ratings," shows that many organizations don't update the operating systems or browsers of the many devices they have to manage. bitsight said it analyzed "more than 35,000 companies from industries across the globe over the last year" to "better understand the usage of outdated computer operating systems and internet browsers, the time it took to update operating systems once a new release was made available, and how these practices correlate to data breaches." it learned that many organizations fail






sap releases 25 new security notes to fix vulnerabilities


enterprise software giant sap released its monthly patch update for march this week, providing users with 25 new security notes in addition to updates for two existing notes. in sap's nomenclature, a security note is what most other vendors refer to as a security advisory, with added information for risk mitigation. among the standout issues this month are multiple vulnerabilities in the sap hana database system. in fact, the highest severity issue this month, identified as security note 2424173, is a self service issue in sap hana that has a common vulnerability scoring system (cvss) score of 9.8. as it turns out, all of the sap hana vulnerabilities were reported by a single security research firm, onapsis. security note 2424173 actually comprises 10 related vulnerabilities in the sap hana






microsoft’s delay of this month’s security patch bundle makes little sense


microsoft delayed the whole february patch bundle until march, leaving windows users vulnerable to potentially dozens of security vulnerabilities that could have been fixed this month.






adobe patch of 59 flaws in april update includes pwn2own disclosures


on april 11, adobe released its monthly patch tuesday update, providing patches for 59 vulnerabilities across its software application product portfolio, fixing multiple issues first revealed at the pwn2own 2017 hacking contest in march. the adobe updates include seven security vulnerabilities in flash player (cve-2017-3058, cve-2017-3059, cve-2017-3060, cve-2017-3061, cve-2017-3062, cve-2017-3063, cve-2017-3064), one in adobe campaign (cve-2017-2989), two in photoshop (cve-2017-3004, cve-2017-3005) and two in the creative cloud desktop application (cve-2017-3006, cve-2017-3007). in addition, there were 47 cves patched in the adobe reader pdf application this month. looking specifically at the adobe flash advisory, brian gorenc, senior manager of vulnerability research at trend micro, noted






microsoft users with updated systems are safe from alleged nsa malware, company


by raphael satter, the associated press. paris — up-to-date microsoft customers are safe from the purported national security agency spying tools dumped online, the software company said saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet. in a blog post, microsoft corp. security manager phillip misner said that the software giant had already built defenses against nine of the 12 tools disclosed by theshadowbrokers, a mysterious group that has repeatedly published nsa code. the three others affected old, unsupported products. “most of the exploits are already patched,” misner said. the post knocked back warnings from some researchers that the digital espionage toolkit made public by theshadowbrokers took advantage of undisclosed vulnerabilities






microsoft silently rolls out the mega-security patch it skipped in february


microsoft released the march patch tuesday security updates, including the ones it completely skipped in february. the 17 security bulletins contain 134 vulnerabilities, many of which are remote code execution bugs currently exploited in the wild.





