Microsoft has shared more details about the critical elevation of privilege bug found in Microsoft Windows Kerberos Key Distribution Center (CVE-2014-6324) which is being exploited in "limited, targeted attacks" in the wild, and has once again urged admins and users to apply the issued patch.
More than a year and a half after they have been reported to SAP AG, the company has issued a patch for a number of critical exploitable security vulnerabilities in its Governance, Risk and Compliance (GRC) software.
This month Microsoft is publishing 14 bulletins with new versions and patches for its software, operating systems and applications.
Owners of a number of Linksys small office/home office routers have been urged last week to update their device's firmware in order patch two vulnerabilities, one of which could allow a remote, unauthenticated attacker to read or modify sensitive information on the router, and the other could allow a local attacker to read the device's password file.
Administrators of sites that run Drupal 7, and have not yet updated to version 7.32 or have done so later than 7 hours after the public revelation of the highly critical SQL injection vulnerability (CVE-2014-3704) on October 15, are advised to consider their site as potentially compromised and proceed to fix the issue.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.