Security News

Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws exist in the web-based management interface of Cisco's small-business lineup of VPN routers.

"A few thousand devices are impacted," SonicWall said in a statement, adding, "SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability." On January 22, The Hacker News exclusively revealed that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting "Probable zero-day vulnerabilities" in its SMA 100 series remote access devices.

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several industries such as agriculture, smart home, healthcare, gaming, and automotive sectors.

Cisco has addressed multiple pre-auth remote code execution vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. The security bugs with a severity rating of 9.8/10 were found in the web-based management interface of Cisco small business routers.

Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Three additional critical Qualcomm bugs were reported by Google and patched by Qualcomm - part of a separate security bulletin disclosure.

Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code execution with top privileges. The vulnerabilities have been discovered and reported to SolarWinds by Martin Rakhmanov, Security Research Manager, SpiderLabs at Trustwave, and have proof-of-concept exploit code available.

CI Security announced the launch of the company's Critical Insight Anti-Ransomware solution. The Critical Insight Anti-Ransomware solution includes an integrated suite of services to prepare for, identify, and resolve ransomware attacks.

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code.

Wind River debuted Wind River Studio, a cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent systems where security, safety, and reliability are required. "In order to thrive in a digital- and AI-first world, companies are accelerating their digital transformation plans from years to months. Wind River is committed to realizing the digital future of our customers across the industries we serve," said Kevin Dallas, Wind River president and CEO. "Wind River Studio is the first and only of its kind to deliver one environment for mission-critical intelligent systems across the full product lifecycle. This new platform offers dramatic improvements in productivity, agility, and time-to-market, with seamless technology integration that includes far edge cloud compute, data analytics, system level security, 5G, and AI/ML.".

Apple, rather unusually in today's cybersecurity world, rarely announces that security fixes are on the way. Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.