Security News

Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network. CDP is a Cisco proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment.

Google has patched some serious bugs in Android, including a couple of critical flaws that could let hackers run their own code on the mobile operating system. What Google does tell us in its February 2020 advisory is that it lies in the system component of Android, which contains the system apps that ship with the OS. It's a remote code execution bug in the context of a privileged process, giving the attacker a high level of access to the operating system, and it applies to versions 8.0, 8.1, and 9 of the Android Open-Source Project, on which the various phone implementations of Android are based.

Manufacturing facilities and processing centers using AutomationDirect C-more Touch Panels are advised to upgrade their firmware ASAP, as older versions contain a high-risk vulnerability that may allow attackers to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device. Manufactured by US-based AutomationDirect, the vulnerable C-more Touch Panels EA9 series are human-machine interfaces capable of communicating with a wide variety of programmable logic controllers.

Google this week released the February 2020 set of security updates for the Android operating system, which address a total of 25 vulnerabilities, including 2 rated critical severity. Tracked as CVE-2020-0022, the first of these bugs is a remote code execution vulnerability that is considered critical only on Android 8.0, 8.1, and 9 devices.

Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google's February Android Security Bulletin, released Monday, also warns of a second critical flaw that could allow a remote hacker to gain access to an Android handset and obtain sensitive data.

Trend Micro, a global leader in cybersecurity solutions, announced that it will collaborate with Baker Hughes' Nexus Controls operational technology security experts through a strategic framework agreement, signed in late 2019. Under the terms of the agreement, Trend Micro and Baker Hughes plan to work together to help mitigate these and other cyber-risks in support of IT and security leaders looking to drive digital transformation success.

Keysight Technologies, a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, announced a new PROPSIM channel emulation solution that enables the aerospace industry to efficiently verify radio links critical to satellite communications, earth observation, security surveillance, mapping and navigation. Keysight's new channel emulation capabilities address a rapidly expanding satellite market projected to generate more than $2B by 2030, according to a report published in July 2019 by BIS Research.

Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution. According to the newest Magento-themed security bulletin, three of the six fixed flaws are critical and three are important.

Cybersecurity researchers have discovered a new critical vulnerability in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

Apple has just announced its latest round of security updates. There are plenty of critical holes patched in this raft of updates - so we strongly advise you to patch right away, before anyone figures out how to abuse these newly-documented holes for fun or profit.