Security News

Critical Flash Player Flaw Opens Adobe Users to RCE
2020-10-13 17:46

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player. Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.

Adobe Patches Critical Code Execution Vulnerability in Flash Player
2020-10-13 16:01

Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. "Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user," Adobe explained in its advisory.

Adobe fixes critical security vulnerability in Flash Player
2020-10-13 11:41

Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. Adobe Flash has long been a source of security vulnerabilities that allow attackers to install malware, execute commands, and take over computers when users visit malicious websites.

Researchers Get Big Bounties From Apple For Critical Vulnerabilities
2020-10-09 13:21

A team of researchers has received hundreds of thousands of dollars in bug bounties from Apple for reporting 55 vulnerabilities, including ones that exposed source code, employee and customer apps, warehouse software, and iCloud accounts. Researchers Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes decided in early July to take part in Apple's bug bounty program and attempt to find as many vulnerabilities as possible in the tech giant's systems and services.

Ransomware gang now using critical Windows flaw in attacks
2020-10-09 03:33

Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. Over the years, the actor has been involved in attacks delivering a wide variety of malware, from backdoors to ransomware.

Onapsis raises $55M to accelerate expansion into the mission-critical SaaS applications market
2020-10-07 23:00

The investment will be used to significantly scale the company through rapid expansion into the mission-critical SaaS applications market, starting with protection and compliance for Salesforce and SuccessFactors applications. This new support for mission-critical SaaS applications enables Onapsis to execute its vision of protecting the intelligent enterprise and accelerating digital transformation initiatives by delivering cybersecurity and compliance solutions for all mission-critical applications running on-premises and hosted on cloud Infrastructure as a Service, Platform as a Service and Software as a Service, as well as the API-based integrations between them.

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables
2020-10-07 15:50

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes - including a critical bug - and a feature that checks if users have any compromised passwords.

QNAP fixes critical flaws that could lead to device takeover
2020-10-07 13:13

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage devices. Helpdesk is the built-in app that comes with QNAP's NAS devices and allows admins to submit help requests to the QNAP support team over the Internet.

Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks
2020-10-06 13:18

Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices. SEC Consult told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted switch - no permissions are needed on the device itself.

Critical Flaws Discovered in Popular Industrial Remote Access Systems
2020-10-01 01:29

Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to block access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Line's mbCONNECT24, two of the popular remote maintenance tools used in automotive, energy, oil & gas, metal, and packaging sectors to connect to industrial assets from anywhere across the world.