VMware Releases Security Updates

Original release date: March 29, 2019

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisories VMSA-2019-0004 and VMSA-2019-0005 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Update for Cisco IOS XE

Original release date: March 28, 2019

Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates for Multiple Products

Original release date: March 27, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


How Microsoft found a Huawei driver that opened systems to attack

How Microsoft found a Huawei driver that opened systems to attack

Enlarge (credit: Valentina Palladino)

Huawei MateBook systems that are running the company's PCManager software included a driver that would let unprivileged users create processes with superuser privileges. The insecure driver was discovered by Microsoft using some of the new monitoring features added to Windows version 1809 that are monitored by the company's Microsoft Defender Advanced Threat Protection (ATP) service.

First things first: Huawei fixed the driver and published the safe version in early January, so if you're using a Huawei system and have either updated everything or removed the built-in applications entirely, you should be good to go.

The interesting part of the story is how Microsoft found the bad driver in the first place.

Read 10 remaining paragraphs | Comments