Security News

German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity. One of the critical vulnerabilities is CVE-2021-33698, an unrestricted file upload issue affecting SAP Business One.

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition.

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition.

Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect. In total, Adobe fixed 29 vulnerabilities with today's updates.

Adobe has released security updates to address vulnerabilities in Magento and Adobe Connect. Magento is a popular open-source e-commerce platform.

Software maker Adobe has shipped security patches for flaws in its Adobe Magento and Connect product lines, warning that exploitation could lead to remote code execution attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif. Software vendor.

Pulse Secure has shipped a fix for a critical post-authentication remote code execution vulnerability in its Connect Secure virtual private network appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root," NCC Group's Richard Warren disclosed on Friday.

A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week.

A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week.

A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation's critical infrastructure and the ease with which their systems can be breached. Cyberattacks and ransomware pose a greater risk to critical infrastructure than a non-digital external threat like a nation-state does, and the size and scale of the infrastructure has little to do with the scope of the risk; ransomware is just as much as threat to a water treatment plant in downtown Smallville, USA, as it is to a large-scale energy grid or gasoline pipeline.