Security News

Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities. The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about.

In today's perilous cyber world, companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. These can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant.

Appsian, the leader in ERP data security, announced the SAP integration certification of their data security and compliance platform for SAP ERP Central Component and SAP S/4HANA. By integrating attribute-based access controls, fine-grained data security solutions and real-time user behavior analytics, Appsian enables SAP customers to fill many critical governance, risk, and compliance gaps that exist in ERP applications. "When it comes to ERP data access, context is everything," said Piyush Pandey, CEO at Appsian.

Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked by Netgear as PSV-2019-0076, affects the company's consumer Nighthawk X4S Smart Wi-Fi Router first introduced in 2016 and still available today.

Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework. The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.

It's critical to understand the existing gaps and bottlenecks within organizations that make the infrastructure vulnerable to attacks and make detection difficult. Effective ways to align your resources to enhance your incidence response effort;.

After fixing a fat pile of critical security flaws as part of last week's Patch Tuesday update, Adobe has come back with two more that need urgent attention. The second is also an out-of-bounds write weakness, this time in Adobe Media Encoder, affecting Windows and macOS versions 14.02.

Cisco has released patches for sixteen vulnerabilities across its products, including one rated critical, six high severity, and nine medium risk. The critical vulnerability impacts Cisco's Smart Software Manager On-Prem licensing solution and could allow a remote, unauthenticated attacker to access system data with high privileges.

A critical flaw in the High Availability service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn't directly connected to the internet. Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.