Security News

Juniper Networks Patches Critical Vulnerabilities in Firewalls
2020-07-10 14:26

Juniper Networks this week informed customers that it has patched many vulnerabilities in its products, mostly ones that can be exploited for denial-of-service attacks. Over a dozen advisories have been published by the company to describe several vulnerabilities that are specific to Juniper products, as well as tens of flaws impacting third-party components.

Report: Most Popular Home Routers Have ‘Critical’ Flaws
2020-07-10 13:25

A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers. On average, the routers analyzed-by vendors such as D-Link, Netgear, ASUS, Linksys, TP-Link and Zyxel-were affected by 53 critical-rated vulnerabilities, with even the most "Secure" device of the bunch having 21 CVEs, according to the report.

Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier
2020-07-10 08:51

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. The vulnerability has been discovered by a researcher who reported it to Acros Security, who then reported the flaw to the Zoom security team earlier today.

Google Patches Critical Android Vulnerabilities With July 2020 Updates
2020-07-08 18:42

Several critical remote code execution vulnerabilities were addressed in Android this week with the release of the July 2020 set of security patches, including three in the media framework and system components. Google addressed two critical flaws in the system component, one impacting Android 8.0 and newer releases, and the other affecting Android 10 only.

Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
2020-07-08 00:43

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller, Gateway, and SD-WAN WAN Optimization edition networking products. Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers.

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking
2020-07-08 00:01

A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely. The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions.

Admins Urged to Patch Critical F5 Flaw Under Active Attack
2020-07-06 19:06

Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more. Last week, F5 Networks issued urgent patches for the critical remote code-execution flaw, which has a CVSS score of 10 out of 10.

F5 emits fixes for critical flaws in BIG-IP gear: Hopefully yours aren't internet-facing while you ready a patch
2020-07-03 00:36

Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs. The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within in a configuration tool known as the Traffic Management User Interface.

Microsoft issues critical fixes for booby-trapped images – update now!
2020-07-01 18:26

Microsoft has just released emergency patches for two critical security holes in the Windows Codecs Library. The security challenge here is that the -dec part of any codec - for example, the software that converts JPG files that are downloaded as part of a web page so your browser can display them - can't blindly assume that the co- part of the process was trustworthy.

Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
2020-07-01 05:25

Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457, are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer.