Security News

Apple, rather unusually in today's cybersecurity world, rarely announces that security fixes are on the way. Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.

Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild. "The Drupal project uses the pear Archive Tar library, which has released a security update that impacts Drupal," the Drupal security team said.

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite. Several command injection bugs addressed in SD-WAN products could allow an attacker to perform actions as root on the affected devices, the most important of which is rated critical severity, featuring a CVSS score of 9.9.

A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020. Tracked as CVE-2020-6207 and featuring a CVSS score of 10, the security flaw is a missing authorization check in the EEM Manager component of SolMan, which could allow an unauthenticated, remote attacker to execute operating system commands on hosts, as the SMDAgent.

Absolute Software announced customers can now autonomously self-heal more of the critical applications they rely on to secure remote access and communication for their distributed workforces. Using Absolute's Application Persistence service, IT and security administrators can help ensure the Netskope Cloud Access Security Broker and Next-Gen Secure Web Gateway - in addition to more than 40 other leading endpoint security agents and productivity tools - remain installed, healthy, and undeletable.

Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks solutions for business users. Three critical flaws were found in Cisco smart software manager satellite, which offers businesses real-time visibility and reporting of their Cisco licenses.

Cisco has released security updates to address pre-auth remote code execution vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software. Unauthenticated attackers can remotely exploit buffer overflow and command injection bugs to execute arbitrary code or to run arbitrary commands on the underlying operating system of devices running vulnerable releases of SD-WAN and Cisco Smart Software Manager Satellite software.

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash. Chrome 88 also arrived with improved password protections, including a check that helps users identify weak passwords and immediately act upon the issue, to ensure better protection of their accounts.

An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage devices or for developing web applications and portals. The purpose is to infect machines with vulnerable versions of the popular TerraMaster operating system, the Zend Framework, or Liferay Portal with FreakOut malware, which can help deploy a wide variety of cyberattacks.

My Office Apps announced the availability of Kechie 2021 Enterprise Resource Planning software, a cloud-based solution, enabling quick access to business-critical information in real time. With over thirty years of business solutions, Kechie is a proven leader in business transformation software with the use of one or more of its software packages - inventory and warehouse management, manufacturing, finance - or a fully configured ERP system to include all the available modules.