Security News

Snyk has announced the significant enhancements to its prioritization capabilities, helping security and development teams automatically identify and fix the most critical vulnerabilities. By giving developers the immediate priority scoring, deep application context, customizable security policies, and Snyk's automated fix PRs, security teams can ensure their developers are fixing the most important open source and container vulnerabilities, as quickly as possible.

Tracked as CVE-2020-1147 and considered critical severity, the bug occurs when the software doesn't check the source markup of XML file input. "The vulnerability is found in the DataSet and DataTable types which are.NET components used to manage data sets," the software giant revealed in an advisory published last week.

A week after July's Patch Tuesday, Adobe has released out-of-band security updates for vulnerabilities in four of its products - and most of them are considered to be critical in severity. The patch batch includes five critical bugs in Photoshop for both Windows and macOS allowing for code execution.

Adobe informed customers on Tuesday that it has patched several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products. In the Windows and macOS versions of Bridge, Adobe fixed three critical out-of-bounds read and out-of-bounds write vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of the targeted user.

Adobe released a slew of patches for critical vulnerabilities Tuesday that were part of an out-of-band security update. Several of the critical flaws are tied to Adobe's popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices.

Last week, a "Wormable" remote code execution flaw in the Windows DNS Server service temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix. Implementing the offered security updates has since become even more urgent, as more exploitation details and a PoC have been released on Monday.

Cisco has fixed 33 CVE-numbered flaws in a variety of its devices, including five critical ones affecting RV-series VPN routers and firewalls and Cisco Prime License Manager, which is used by enterprises to manage user-based licensing. Cisco Small Business RV110W Wireless-N VPN Firewalls with firmware releases prior to v1.2.2.8 can be taken over by attackers via a system account has a default and static password.

Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold. One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls and it allows a remote and unauthenticated attacker to take full control of a device by connecting to it using a default and static password.

Cisco has emitted 33 security bug fixes in its latest crop of software updates, five of those deemed critical. Affected devices include multiple RV-series routers, the RV110W series VPN Firewall, and the Cisco Prime License Manager.

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface for BIG-IP application delivery controller.