Security News

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. The first issue concerns a previously undocumented root password that permits an attacker backdoor access to a device by simply using the default password and remotely log in to the vulnerable device.

A stored cross-site scripting vulnerability in OSIsoft PI System, a product often present in critical infrastructure facilities, can be exploited for phishing, privilege escalation and other purposes. Researchers at industrial cybersecurity company OTORIO discovered that the PI Web API 2019 component of PI System is affected by a stored XSS vulnerability that allows an attacker with limited privileges on the targeted system to conduct various types of activities.

Belden and its Tripwire and Hirschmann brands announced an extended partnership with Forescout to advance cybersecurity for industrial organizations and critical infrastructure. "Network segmentation will be imperative to meet availability requirements for these real-time, next generation industrial automation networks. Belden and Forescout allow operators to begin segmenting their networks today with existing infrastructure, while also providing a trajectory for additional controls as next generation networks are deployed over time."

Adobe Audition, got a fix for two critical CVEs, both of which allowed arbitrary code execution via an out-of-bounds write. The company also fixed three arbitrary code execution CVEs in Adobe Premiere Rush, a tool for creating videos and sharing them via social media.

Adobe patched three flaws in Premiere Pro, another version of Adobe's video editing software that is more advanced than Adobe Premiere Rush. Adobe Premiere Pro versions 14.2 and earlier are affected; users are urged to update to version 14.3.

Adobe announced on Tuesday that it has patched 18 critical code execution vulnerabilities in its After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition products. Adobe fixed five critical out-of-bounds write, out-of-bounds read and heap overflow vulnerabilities that can be exploited for arbitrary code execution in the context of the targeted user.

D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack. "The vulnerabilities were found in the DIR-865L model of D-Link routers, which are meant for home network use," researchers wrote.

D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack. "The vulnerabilities were found in the DIR-865L model of D-Link routers, which are meant for home network use," researchers wrote.

Siemens' LOGO! programmable logic controllers are affected by critical vulnerabilities that can be exploited remotely to launch denial-of-service attacks and modify the device's configuration. According to Siemens, the vulnerabilities impact all versions of its LOGO!8 BM devices, which are designed for basic control tasks.

Over 5,000 global firms rely on Everbridge to keep their people safe and organizations running in anticipation of or amid critical events, whether natural, digital, or manmade. The Everbridge CEM solution provides an integrated, end-to-end approach for managing all phases of a critical event, accelerating the time to identify and resolve threats, and providing a unified, organizational view to facilitate more coordinated action.