Security News

More than 80 percent of organizations impacted by CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller and Gateway, have already taken steps to secure their deployments. The security bug impacts multiple versions of Citrix ADC and Gateway, but Citrix has already released permanent patches for all of them, as attacks started to ramp up.

About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller and Citrix Gateway are still at risk from a trivial attack on their internal operations. "The critical information about applications accessible by Citrix can be leaked," he explained.

One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution. While no user interaction is required for the attack to be successful, the adversary needs to know the target device's Bluetooth MAC address and Bluetooth has to be enabled.

Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol, the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. Every device, Cisco device, sends packets from time to time saying, 'Hi, my IP address is this, My name is this, my operating system is this' and all kinds of information and they collect the Cisco devices' information about one another, about their neighbors.

Cisco is issuing patches for five critical vulnerabilities that have been discovered in Cisco Discovery Protocol, the info-sharing layer that maps all Cisco equipment on a network. CDP is a Cisco proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment.

Google has patched some serious bugs in Android, including a couple of critical flaws that could let hackers run their own code on the mobile operating system. What Google does tell us in its February 2020 advisory is that it lies in the system component of Android, which contains the system apps that ship with the OS. It's a remote code execution bug in the context of a privileged process, giving the attacker a high level of access to the operating system, and it applies to versions 8.0, 8.1, and 9 of the Android Open-Source Project, on which the various phone implementations of Android are based.

Manufacturing facilities and processing centers using AutomationDirect C-more Touch Panels are advised to upgrade their firmware ASAP, as older versions contain a high-risk vulnerability that may allow attackers to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device. Manufactured by US-based AutomationDirect, the vulnerable C-more Touch Panels EA9 series are human-machine interfaces capable of communicating with a wide variety of programmable logic controllers.

Google this week released the February 2020 set of security updates for the Android operating system, which address a total of 25 vulnerabilities, including 2 rated critical severity. Tracked as CVE-2020-0022, the first of these bugs is a remote code execution vulnerability that is considered critical only on Android 8.0, 8.1, and 9 devices.

Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google's February Android Security Bulletin, released Monday, also warns of a second critical flaw that could allow a remote hacker to gain access to an Android handset and obtain sensitive data.

Trend Micro, a global leader in cybersecurity solutions, announced that it will collaborate with Baker Hughes' Nexus Controls operational technology security experts through a strategic framework agreement, signed in late 2019. Under the terms of the agreement, Trend Micro and Baker Hughes plan to work together to help mitigate these and other cyber-risks in support of IT and security leaders looking to drive digital transformation success.