Security News

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. These critical flaws include a heap-based buffer overflow, out-of-bounds write glitch and two use-after free flaws.

SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today. While the vulnerabilities were disclosed today, it is worth noting that fixes for all three vulnerabilities were committed and disclosed to GitHub much earlier.

While specific details of the flaw were not disclosed, Oracle's alert said it exists in the Console of the Oracle WebLogic Server and can be exploited via the HTTP network protocol. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.

Adobe has released security updates to address critical severity vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS that could enable attackers to execute arbitrary code on vulnerable devices. Adobe categorized the security updates as priority 2 updates which means that they address vulnerabilities with no public exploits in products that have "Historically been at elevated risk."

Oracle has released an out-of-band security alert for a critical remote code execution vulnerability affecting WebLogic Server. "This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. [] It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle notes in its advisory.

92 percent of organizations admit that they face a cloud security readiness gap. IoT in all its flavors exposes companies and consumers alike to a wide range of security threats.

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions. Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

In today's perilous cyber world, companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. These can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant.

Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure. Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.

Federal IT leaders across the country voiced the importance of network visibility in managing and securing their agencies' increasingly complex and hybrid networks, according to Riverbed. Of 200 participating federal government IT decision makers and influencers, 90 percent consider their networks to be moderately-to-highly complex, and 32 percent say that increasing network complexity is the greatest challenge an IT professional without visibility faces in their agency when managing the network.