Security News

A critical privilege-escalation vulnerability affecting Android devices has been found that allows attackers to hijack any app on an infected phone - potentially exposing private SMS messages and photos, login credentials, GPS movements, phone conversations and more. The bug is dubbed the "StrandHogg 2.0" vulnerability by the Promon researchers who found it, due to its similarity to the original StrandHogg bug discovered last year.

Cisco has patched a critical remote code execution hole in Cisco Unified Contact Center Express, its "Contact center in a box" solution, and is urging administrators to upgrade to a fixed software version. "The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device," Cisco explained.

Cisco this week released security patches to address several vulnerabilities in its products, including a critical severity bug in its Unified Contact Center Express software. The issue, Cisco explains in an advisory, exists because of the software's insecure deserialization of user supplied content.

Adobe just published a foursome of very tight-lipped security notifications about new patches. The bulletin APSB20-26 actually came out last week, on Patch Tuesday, leaving a gap at -25, suggesting that at least the patch in bulletin APSB20-15 was prepared in time for Patch Tuesday but didn't make the final cut, perhaps to give it time for additional testing or tweaking.

Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express. Cisco's Unified CCX software is touted as a "Contact center in a box" that allows companies to deploy customer-care applications.

The research investigated the cyber resilience of organizations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world's five largest economies: UK, US, Germany, France and Japan. Of the 370 companies surveyed, only 36 percent had achieved a high level of cyber resilience.

Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. Users are urged to update to version 3.3 for Windows and macOS. While the flaw is critical, the security bulletin is a Priority 3 update, which according to Adobe resolves vulnerabilities in a product that has historically not been a target for attackers.

According to a 2019 survey of cybersecurity professionals, these critical data defenders were burned out. As companies hurdle toward digital transformation, automation, cloud computing, brand reputation, and strategic investments are falling on CISOs' plate.

The latest U.S. sanctions on tech giant Huawei threaten to devastate the company and escalate a feud with China that could disrupt technology industries worldwide. Huawei Technologies Ltd. is one of the biggest makers of smartphones and network equipment, but that $123 billion-a-year business is in jeopardy after Washington announced further restrictions on use of American technology by foreign companies that make its processor chips.

Nutanix, a leader in enterprise cloud computing, announced several new capabilities in its hyperconverged infrastructure software and AHV hypervisor to protect business-critical applications and maintain continuous business operations in the face of a possible disaster. The new capabilities in Nutanix HCI and AHV help enable customers to confidently deliver mission-critical applications with significantly less complexity and lower management overhead. "Maintaining continuous business operations is a high priority for all types of companies and organizations," said Greg Smith, VP of Product Marketing at Nutanix.