Security News

Zero trust is critical, but very underused
2020-08-13 19:05

Organizations must quickly adopt the zero trust mindset of "Never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report. Today, a new report from microsegmentation platform Illumio revealed how organizations approach and incorporate zero trust into business and cybersecurity strategies, as everyone moves deeper into the second half of the new business normal, under COVID-19 restrictions.

Citrix Warns of Critical Flaws in XenMobile Server
2020-08-12 15:17

The flaws exist in Citrix Endpoint Management, often referred to as XenMobile Server, which enables businesses to manage employees' mobile devices and mobile applications by controlling device security settings and updates. Specifically impacted at a critical level by the dual vulnerabilities are: XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6 and XenMobile Server before 10.9 RP5. The remaining three flaws are rated medium- and low-severity.

Intel, SAP, and Citrix release critical security updates
2020-08-12 10:39

August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one.

If you haven't yet patched this critical hole in SAP NetWeaver Application Server, today is not your day
2020-08-12 09:59

We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details. The infosec biz's Alexander Meier and Fabian Hag found the security hole and reported it to SAP in April.

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
2020-08-11 20:02

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. Beyond this critical flaw, Intel also fixed bugs tied to 22 critical-, high-, medium- and low-severity CVEs affecting its server board, systems and compute modules.

Critical Adobe Acrobat and Reader Bugs Allow RCE
2020-08-11 18:04

Adobe has plugged 11 critical security holes in Acrobat and Reader, which if exploited could allow attackers to remotely execute code or sidestep security features in the app. As part of its regularly scheduled security updates on Tuesday, Adobe fixed critical- and important-severity flaws tied to 26 CVEs - all stemming from its popular Acrobat and Reader document-management application - as well as one important-severity CVE in Adobe Lightroom, which is its image manipulation software.

Adobe Patches 11 Critical Vulnerabilities in Acrobat and Reader
2020-08-11 15:31

Adobe on Tuesday informed customers that it has patched 26 vulnerabilities in its Acrobat and Reader products, including 11 critical flaws that can be exploited to bypass security features and for arbitrary code execution. The remaining two critical vulnerabilities can allow an attacker to bypass security features.

Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping
2020-08-11 14:48

Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users. Researchers have disclosed a slew of critical-severity, patched flaws in flagship Samsung smartphones - including the Galaxy S7, S8 and S9 models.

Critical Flaws Affect Citrix Endpoint Management (XenMobile Servers)
2020-08-11 13:17

Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management, also known as XenMobile, a product made for enterprises to help companies manage and secure their employees' mobile devices remotely. Citrix Endpoint Management offers businesses mobile device management and mobile application management capabilities.

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks
2020-08-10 14:01

DEF CON: Boeing 747-400s still use floppy disks for loading critical navigation databases, Pen Test Partners has revealed to the infosec community after poking about one of the recently abandoned aircraft. Although airliners are not normally available to curious infosec researchers, a certain UK-based Big Airline's decision to scrap its B747 fleet gave Pen Test Partners a unique opportunity to get aboard one and have a poke about before the scrap merchants set about their grim task.