Security News

Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Three additional critical Qualcomm bugs were reported by Google and patched by Qualcomm as part of a separate security bulletin disclosure.

Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code execution with top privileges. The vulnerabilities were discovered and reported to SolarWinds by Martin Rakhmanov, Security Research Manager, SpiderLabs at Trustwave, and proof-of-concept exploit code is available for them.

CI Security announced the launch of the company's Critical Insight Anti-Ransomware solution. The Critical Insight Anti-Ransomware solution includes an integrated suite of services to prepare for, identify, and resolve ransomware attacks.

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code.

Wind River debuted Wind River Studio, a cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent systems where security, safety, and reliability are required. "In order to thrive in a digital- and AI-first world, companies are accelerating their digital transformation plans from years to months. Wind River is committed to realizing the digital future of our customers across the industries we serve," said Kevin Dallas, Wind River president and CEO. "Wind River Studio is the first and only of its kind to deliver one environment for mission-critical intelligent systems across the full product lifecycle. This new platform offers dramatic improvements in productivity, agility, and time-to-market, with seamless technology integration that includes far edge cloud compute, data analytics, system level security, 5G, and AI/ML."

Apple, rather unusually in today's cybersecurity world, rarely announces that security fixes are on the way. Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.

Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild. "The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal," the Drupal security team said.

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite. Several command injection bugs addressed in SD-WAN products could allow an attacker to perform actions as root on the affected devices, the most important of which is rated critical severity, featuring a CVSS score of 9.9.

A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020. Tracked as CVE-2020-6207 and featuring a CVSS score of 10, the security flaw is a missing authorization check in the EEM Manager component of SolMan, which could allow an unauthenticated, remote attacker to execute operating system commands on hosts as the SMDAgent.

Absolute Software announced customers can now autonomously self-heal more of the critical applications they rely on to secure remote access and communication for their distributed workforces. Using Absolute's Application Persistence service, IT and security administrators can help ensure the Netskope Cloud Access Security Broker and Next-Gen Secure Web Gateway, in addition to more than 40 other leading endpoint security agents and productivity tools, remain installed, healthy, and undeletable.