Security News

The bug is in Hyper-V's network switch driver and affects Windows 10 and Windows Server 2012 through 2019. The two researchers found the bug together and disclosed it privately to Microsoft.

I was fortunate to be in Military/Federal Government service for over 30 years spending the last 17 years working in the Cybersecurity and Infrastructure Security Agency whose central mission is the security of our nation's critical infrastructure and working with other critical Departments and Agencies that share a similar mission such as the Department of Energy, Department of Defense, Transportation Administration, and Health and Human Services to name a few. Our Nation's cyber and physical infrastructure underpins our national and economic security, public health, and safety, and provides the critical functions our citizens depend on in their everyday lives.

An unauthenticated OS command injection vulnerability in the Sunhillo SureLine application could allow an attacker to execute arbitrary commands with root privileges, according to security researchers with the NCC Group. Sunhillo is an established name in aerial vehicle surveillance and tracking, and SureLine represents the core software that powers the company's surveillance tools and products.

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems, and grants for state and local governments. One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS's Cybersecurity and Infrastructure Security Agency to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products, which can lead to arbitrary code execution. Atlassian is a platform that's used by 180,000 customers to engineer software and manage projects, and Jira is its proprietary bug-tracking and agile project-management tool.

Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products. According to Atlassian, security researcher Harrison Neal discovered that Jira Data Center - including Software Data Center and Core Data Center - and Jira Service Management Data Center software development products are affected by a critical flaw related to missing authentication for the Ehcache RMI network service.

Needless to say, Geyer has a lot to say about the threat ransomware poses to OT, ICS and critical infrastructure. How to prepare for the future of ransomware risk management.

Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities. A systems management and monitoring application, Dell OpenManage Enterprise provides administrators with a comprehensive view of Dell EMC servers, network switches, and storage in their environment.

Atlassian is prompting its enterprise customers to patch a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers arbitrary code execution abilities, due to a missing authentication flaw in Jira's implementation of Ehcache, an open-source component.

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication.