Security News

Critical Golang XML parser bugs can cause SAML authentication bypass
2020-12-14 20:23

This week, Mattermost, in coordination with Golang has disclosed 3 critical vulnerabilities within Go language's XML parser. The XML round-trip vulnerabilities listed below lurk in Golang's XML language parser encoding/xml which doesn't return reliable results when encoding and decoding XML input.

Samsung fixes critical Android bugs in December 2020 updates
2020-12-11 13:08

This week Samsung has started rolling out Android's December security updates to mobile devices to patch critical security vulnerabilities in the operating system and related components. This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.

Microsoft Office security updates fix critical SharePoint RCE bugs
2020-12-11 12:39

Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates. Redmond also issued the December 2020 Patch Tuesday security updates, with security updates for 58 vulnerabilities, nine of them rated as Critical.

Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers
2020-12-10 11:00

Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life. Game developer Valve has fixed critical four bugs in its popular Steam online game platform.

Cisco fixes new Jabber for Windows critical code execution bug
2020-12-10 11:00

Cisco has addressed a new critical severity remote code execution vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September. Cisco released security updates in September to address a critical RCE security vulnerability tracked as CVE-2020-3495 stemming from a Cross-Site Scripting bug in Cisco Jabber.

Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software
2020-12-10 08:37

Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The new flaws, which were uncovered after one of its clients requested a verification audit of the patch, affects all currently supported versions of the Cisco Jabber client.

Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices
2020-12-10 08:36

Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 vulnerabilities that impact four open-source TCP/IP protocol stacks - uIP, FNET, picoTCP, and Nut/Net - that are commonly used in Internet-of-Things and embedded devices.

Adobe fixes critical security vulnerabilities in Lightroom, Prelude
2020-12-09 09:26

Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude. In total, the company addressed four security vulnerabilities affecting three products, three of them rated as critical and one as an important severity bug in Adobe Experience Manager and the AEM Forms add-on package.

Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets
2020-12-08 22:52

Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives attacker remote control of vulnerable handsets.

Microsoft Patches Critical SharePoint, Exchange Security Holes
2020-12-08 18:52

Microsoft's final batch of security patches for 2020 shipped today with fixes for at least 58 documented vulnerabilities affecting a wide range of OS and software products. The December security updates include fixes for code execution vulnerabilities in the company's flagship Windows operating system and serious problems in Microsoft Sharepoint, Microsoft Exchange, HyperV, and a Kerberos security feature bypass.