Security News

Patch now! Critical flaw found in OpenWrt router software
2020-03-31 14:18

A researcher has stumbled on a big security flaw affecting OpenWrt, an open source operating system used by millions of home and small business routers and embedded devices. OpenWrt has become a popular Linux alternative to the stock software that vendors ship with home routers.

Critical CODESYS Bug Allows Remote Code Execution
2020-03-26 20:12

A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code. In this case, the bug exists in the CODESYS web server, which is used to display CODESYS system visualization screens in a web browser.

Organizations struggle with patching endpoints against critical vulnerabilities
2020-03-26 05:00

Less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks, and 81 percent have suffered at least one data breach in the last two years, according to Automox. The research surveyed 560 IT operations and security professionals at enterprises with between 500 and 25,000 employees, across more than 15 industries to benchmark the state of endpoint patching and hardening.

Cloud-native security considerations for critical enterprise workloads
2020-03-25 09:01

"Public clouds are, by and large, homogeneous infrastructures with embedded monitoring capabilities that are ubiquitous and have centralized security administration and threat remediation tools built on top," Konstantas told Help Net Security. "Automation really is central to effective cloud security. Just take the example of data and consider the volume of data flowing into cloud hosted data bases and data warehouses. Classifying the data, identifying PII, PHI, credit cards etc., flagging overly permissioned access, and requiring additional authorization for data removal - all these things have to be automated. Even the remediation, or prevention of access needs to be automated," she noted.

Augury helps maintenance personnel work safely while ensuring smooth critical machinery performance
2020-03-25 01:45

Augury, the world leader in Machine Health Solutions, unveiled new capabilities and enhancements that enable operations and maintenance personnel to remotely monitor, diagnose and share information about the health and performance of the critical machinery that underpins manufacturing processes relied on to produce vital goods, including paper products, bottled water, beer, medicine and more. Augury is also providing increased support for remote on-boarding of new personnel and machines, so companies can be sure all the needed expertise from anywhere in their organization is readily accessible in order to keep all critical machinery running at peak levels, no matter what demands are being placed on it.

Critical Adobe Flaw Fixed in Out-of-Band Security Update
2020-03-24 17:46

Creative Cloud acts as a central console for desktop users to quickly launch, manage and update their Adobe apps, such as Photoshop, Acrobat, Illustrator and more. "Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin."

Critical Flaw in Adobe Creative Cloud App Allows Hackers to Delete Files
2020-03-24 14:44

A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files. Adobe Creative Cloud is a set of applications and services used for video editing, graphic design, photography and web development.

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
2020-03-24 13:06

A cybersecurity researcher today disclosed technical details and a proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in OpenWrt's OPKG package manager, in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index.

Microsoft Warns of Critical Windows Zero-Day Flaws
2020-03-23 18:27

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.
