Security News

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted.

As organizations shifted focus to support remote work and business continuity amid the challenges of 2020, web application security suffered, according to an Invicti Security report. Medium-severity vulnerabilities such as denial-of-service, host header injection, and directory listing, remained present in 63% of web apps in 2020, holding flat from 2019.

A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices. In a security advisory published this week, Juniper said the vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution or to trigger a partial denial of service condition on the targeted device.

One of these updates refers to a vulnerability that impacts SAP Business Client, a user interface that acts as an entry point to various SAP business applications. SAP also delivered an update that fixes a remote code execution bug in SAP Commerce used to organize product information for distribution across multiple communication channels.

Whether you're writing corporate policies for business workers or university policies for faculty and staff, crafting an effective IT policy can be a daunting and expensive task. For less than what it would cost to create a single policy, TechRepublic Premium subscribers get access to over 100 ready-made IT policies.

On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.

April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post.

Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. The flaws affect on-premise Exchange Server versions 2013 through 2019 and while there is no evidence of being exploited in the wild, Microsoft assesses that threat actors are likely to leverage them as soon as they create an exploit.

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. The four new Exchange Server vulnerabilities were fixed as part of this month's Patch Tuesday bundle and because of the severity of these issues, Microsoft has joined with the U.S. National Security Agency to urge the immediate deployment of the new fixes.

Adobe on Tuesday announced patches for vulnerabilities in four of its products, including critical code execution flaws affecting Photoshop and Bridge. In Photoshop, the company fixed two critical buffer overflow bugs that can be exploited for arbitrary code execution in the context of the targeted user.