Security News

Cisco has patched four vulnerabilities in its Jabber client for Windows, the most critical of which could allow attackers to achieve remote code execution by sending specially crafted chat messages. Cisco Jabber is a video conferencing and instant messaging application that's often used within enterprises for internal communication and collaboration.

A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller in early July. Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system.

A critical remote-code-execution vulnerability affecting past versions of the Slack desktop app was disclosed on Friday after the software maker fixed its app. Back in January, Oskars Vegeris, a security engineer at Evolution Gaming, privately reported to Slack a remote code execution vulnerability affecting version 4.2 and 4.32 of its desktop apps for Linux, macOS, and Windows via bug bounty program HackerOne.

A security researcher was awarded a $1,750 bug bounty reward for discovering a remote code execution vulnerability in the Slack desktop applications. An attacker could exploit the vulnerability to execute arbitrary code within Slack's desktop apps for macOS, Linux, and Windows.

A critical vulnerability in the popular Slack collaboration app would allow remote code-execution. Attackers could gain full remote control over the Slack desktop app with a successful exploit - and thus access to private channels, conversations, passwords, tokens and keys, and various functions.

You need to recognize the most critical cloud security challenges and develop a strategy for minimizing these risks. With that in mind, let's dive into the five most pressing cloud security challenges faced by modern organizations.

BT Security has announced the key partners that it will work with going forward to provide industry-leading managed security services to customers. "Kevin Brown, Managing Director of BT Security, said:"Our new security partner ecosystem showcases the benefits of BT Security as a Managed Security Services Provider.

The report found that more than three-quarters of respondents are concerned or very concerned about protecting their personal data, with 42 percent of consumers saying they wouldn't share sensitive data with a business for any reason. As data becomes more valuable to combat the pandemic, companies must provide consumers with more background and reasoning as to why they're collecting data - and how they plan to protect it.

Jenkins-a popular open-source automation server software-published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. "Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat," read the advisory.

Cisco patched a critical flaw in its wide area network software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services, which is software that Cisco describes as a "WAN optimization solution." It helps manage business applications that are being leveraged in virtual private cloud infrastructure.