Security News
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections.
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol packet parser of the pppd software, an extension that provides support for additional authentication methods in PPP connections.
Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities. The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about.
In today's perilous cyber world, companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. These can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant.
Appsian, the leader in ERP data security, announced the SAP integration certification of their data security and compliance platform for SAP ERP Central Component and SAP S/4HANA. By integrating attribute-based access controls, fine-grained data security solutions and real-time user behavior analytics, Appsian enables SAP customers to fill many critical governance, risk, and compliance gaps that exist in ERP applications. "When it comes to ERP data access, context is everything," said Piyush Pandey, CEO at Appsian.
Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked by Netgear as PSV-2019-0076, affects the company's consumer Nighthawk X4S Smart Wi-Fi Router first introduced in 2016 and still available today.
Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework. The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.
It's critical to understand the existing gaps and bottlenecks within organizations that make the infrastructure vulnerable to attacks and make detection difficult. Effective ways to align your resources to enhance your incidence response effort;.
After fixing a fat pile of critical security flaws as part of last week's Patch Tuesday update, Adobe has come back with two more that need urgent attention. The second is also an out-of-bounds write weakness, this time in Adobe Media Encoder, affecting Windows and macOS versions 14.02.