Security News

Google kicked off its first Android Security Bulletin of 2020 by patching a critical flaw in its Android operating system, which, if exploited, could allow a remote attacker to execute code. Google said its critical vulnerability exists in Android's Media framework, which includes support for playing a variety of common media types, so that users can easily utilize audio, video and images.

The immediate priority should be cleaning up CVE-2019-15975, CVE-2019-15976, and CVE-2019-15975, a trio of authentication bypass bugs that can be exploited remotely without authentication. CVE-2019-15976 describes the same issue via the SOAP API, while CVE-2019-15977 describes static credentials that only allow access to "Certain confidential information," but that information could be used for other attacks.

Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said.

Multiple critical vulnerabilities in Ruckus Wi-Fi routers used throughout the world were disclosed at the 36th Chaos Communication Congress in Leipzig, Germany, held from December 27-30, 2019. Although the devices examined were from the Ruckus Unleashed stable, Zror told SecurityWeek, "I believe the same issues will affect the Ruckus regular routers and other Ruckus devices. Without pre-authentication," he continued, "I can run my own code on those devices. The implication is that I can upload my own malware into the router, and manipulate all the router activity, as I wish. From there I can access any other network, including the corporate network, that may be connected or may also use Ruckus devices."

The flaw resides in the Citrix Application Delivery Controller and Gateway.

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, now is the time. The Drupal development team yesterday released important security updates...

Several critical vulnerabilities found by Cisco Talos researchers in programmable logic controllers (PLCs) made by WAGO can be exploited remotely for arbitrary code execution and denial-of-service...

One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited.

Seventeen bugs could be exploited to stop electrical generation and cause malfunctions at power plants.

Google this week released Chrome 79 to the stable channel with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical severity.