Security News

During the audit, Kudelski was given access to the source code of Boxcryptor for Windows and to the internal documentation. The goal of the audit was to give all interested parties an indirect insight into the software so that they can be sure that no backdoors or security holes are found in the code.

Palo Alto Networks has patched a critical and easily exploitable vulnerability affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible. Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0.

Futurex's VirtuCrypt financial cloud HSM service supports financial services organizations' critical payment systems cryptography and key management needs in the cloud. VirtuCrypt cloud HSMs are the industry's first financial cloud cryptographic solution with native Amazon Web Services support.

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. The first issue concerns a previously undocumented root password that permits an attacker backdoor access to a device by simply using the default password and remotely log in to the vulnerable device.

A stored cross-site scripting vulnerability in OSIsoft PI System, a product often present in critical infrastructure facilities, can be exploited for phishing, privilege escalation and other purposes. Researchers at industrial cybersecurity company OTORIO discovered that the PI Web API 2019 component of PI System is affected by a stored XSS vulnerability that allows an attacker with limited privileges on the targeted system to conduct various types of activities.

Belden and its Tripwire and Hirschmann brands announced an extended partnership with Forescout to advance cybersecurity for industrial organizations and critical infrastructure. "Network segmentation will be imperative to meet availability requirements for these real-time, next generation industrial automation networks. Belden and Forescout allow operators to begin segmenting their networks today with existing infrastructure, while also providing a trajectory for additional controls as next generation networks are deployed over time."

Adobe Audition, got a fix for two critical CVEs, both of which allowed arbitrary code execution via an out-of-bounds write. The company also fixed three arbitrary code execution CVEs in Adobe Premiere Rush, a tool for creating videos and sharing them via social media.

Adobe patched three flaws in Premiere Pro, another version of Adobe's video editing software that is more advanced than Adobe Premiere Rush. Adobe Premiere Pro versions 14.2 and earlier are affected; users are urged to update to version 14.3.

Adobe announced on Tuesday that it has patched 18 critical code execution vulnerabilities in its After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition products. Adobe fixed five critical out-of-bounds write, out-of-bounds read and heap overflow vulnerabilities that can be exploited for arbitrary code execution in the context of the targeted user.

D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack. "The vulnerabilities were found in the DIR-865L model of D-Link routers, which are meant for home network use," researchers wrote.