Security News > 2020 > August

This time the problem is in the Citrix Endpoint Management, the product Citrix suggests as an ideal way to securely manage devices and "Let employees work how, when and where they want." The situation is sufficiently serious that Citrix gave advance notice of the bugs to "a number of major CERTs around the world." But it's not explained just what the bugs entail, offering only a list of CVE numbers, and hasn't said which of the five are critical.

JumpCloud announced the release of the JumpCloud App for Windows, the latest update to its patent-pending strategy for enabling secure credential and identity management from an employee's device. The JumpCloud Windows App streamlines credential management workflows and establishes the employee's workstation or laptop as a trusted device.

Nutanix announced general availability of Nutanix Clusters on AWS, extending the flexibility and ease of use of the company's hyperconverged infrastructure software, along with all Nutanix products and services, to bare metal Amazon Elastic Compute Cloud instances on Amazon Web Services. With this announcement, Nutanix delivers hybrid cloud infrastructure - one that allows businesses to accelerate their digital initiatives and optimize spending, priorities further amplified in the age of COVID. Nutanix offers a single stack that integrates compute and storage, provides unified operations across private and public clouds, integrated networking with AWS, and license portability from private to public clouds, thus addressing key technical and operational challenges of the hybrid cloud era.

Since COVID-19 cast its pall in March, the Agent Tesla remote-access trojan has exploited the pandemic and added a raft of functionality that has helped it dominate the enterprise threat scene. Though Agent Tesla first made a splash six years ago, it hasn't lost any momentum - in fact, it is featured in more attacks in the first half of 2020 compared to the infamous TrickBot or Emotet malware, according to SentinelOne's SentinelLabs.

Alcatel-Lucent Enterprise and RingCentral announced that they have entered into a strategic partnership to introduce a new co-branded cloud solution - Rainbow Office powered by RingCentral - making it unique and exclusive for Alcatel-Lucent Enterprise. RingCentral and Alcatel-Lucent Enterprise will jointly develop programs enabling both companies to lead the cloud communications services for the enterprise market.

Patch Tuesday used to be Microsoft's day to release patches. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total with four months still to go in 2020.

The financing will help support Perimeter 81's rapid growth and accelerate the company's hiring and development, furthering its disruption of the traditional VPN and Firewall markets. "With COVID-19, we witnessed an incredible surge in the demand for our services as the transition to remote work - which occurred virtually overnight - illuminated the need for companies worldwide to depart from their legacy hardware-based security and fully embrace a holistic, cloud edge network," said Perimeter 81 co-founder and CEO, Amit Bareket.

Two Microsoft vulnerabilities are under active attack, according the software giant's August Patch Tuesday Security Updates. "[The] vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," wrote Microsoft.

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it's time once again to backup and patch up!

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. Beyond this critical flaw, Intel also fixed bugs tied to 22 critical-, high-, medium- and low-severity CVEs affecting its server board, systems and compute modules.