Security News

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system. Those are part of a batch of twelve vulnerabilities flagged in July 2020 by Florian Hauser, a security researcher and red teamer at Code White.

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The flaws were responsibly reported to Cisco's Product Security Incident Response Team three months ago, on July 13.

Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential. Karen Roby: While it may seem I think obvious to why a real focus on STEM should be involved when it comes to cybersecurity, it also seems some government agencies are resistant, hesitant, to adopt new cybersecurity methods.

Two security vulnerabilities in Schneider Electric's programmable logic controllers could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. There are two types of application protection available: Read protection protects the controller's application from being read by any unauthorized personnel at the engineering workstation; and the write protection protects the controller's application from unauthorized changes.

SAP's security updates for November 2020 patch several critical vulnerabilities affecting the company's Solution Manager, Data Services, ABAP, S4/HANA, and NetWeaver products. One of the hot news patches resolves a total of four vulnerabilities related to missing authentication checks in SolMan, which provides a central management interface for SAP and non-SAP systems.

Datadog announced new capabilities for monitoring DNS. These new features allow engineers to troubleshoot DNS issues that affect the performance and availability of web applications and backend microservices. Datadog's DNS monitoring capabilities now allow customers to monitor key performance metrics about both internal and external DNS resolution to maintain efficient service networking and availability.

This week Samsung has started rolling out Android's November security updates to mobile devices to patch critical security vulnerabilities in the operating system and enhance overall features on the devices. This comes after Android had published their November 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices.

Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google's security team last week. Outside of the zero-day, the update fixes a number of remote code execution vulnerabilities impacting Exchange Server, Network File System, and Microsoft Teams, as well as a security bypass flaw in Windows Hyper-V virtualization software.

Microsoft's November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution bugs. Twelve of Microsoft's 17 critical patches were tied to RCE bugs.

A massive Intel security update this month addresses flaws across a myriad of products - most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth - including various Intel Wi-Fi modules and wireless network adapters - as well as in its remote out-of-band management tool, Active Management Technology.