Security News

Some of the world's most popular communication apps are using an open-source library riddled with newfound security holes. The library, PJSIP - an open-source multimedia communication library - is used by Asterisk.

WhatsApp and BlueJeans are just two of the world's most popular communication apps that are using an open-source library riddled with newfound security holes. On Monday, devops platform provider JFrog Security disclosed five memory-corruption vulnerabilities in PJSIP, which supplies an API that can be used by IP telephony applications such as voice-over-IP phones and conference apps.

The UK's NHS Digital agency is warning organizations to apply new security updates for a remote code execution vulnerability in the Windows client for the Okta Advanced Server Access authentication management platform. "NHS Digital is the national digital, data and technology delivery partner for the NHS and social care system," explains the website for NHS Digital.

Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. "We have discovered additional security protections necessary for CVE-2022-24086 and have released an update to address them," the company said in a revised bulletin.

Another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept exploit for the recently patched CVE-2022-24086 vulnerability that came under active attack and forced Adobe to push out an emergency patch last weekend. The new flaw, detailed on Thursday, has the same level of severity assigned to its predecessor, which Adobe patched on Feb. 13.

Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that's easy to exploit and, if left unpatched, could enable attackers to gain remote code execution. In a Tuesday writeup, JFrog security researcher Omer Kaspi said that on the upside, the only Cassandra systems that are vulnerable to the flaw are those with a particular, non-standard and, specifically, not recommended configuration.

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.

A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend. If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;.

The MXview software uses the MQTT server to distribute most of its IPC/RPC messages, they added, and most of the MXview APIs use the MQTT protocol to receive and handle requests. Mosquitto enables MQTT over Websockets, so that users can receive MQTT data via a web browser.

Tens of thousands of WordPress sites are at risk from critical vulnerabilities in a widely used plug-in that facilitates the use of PHP code on a site. The plug-in does precisely what its name suggests, allowing WordPress site developers to put PHP code in various components of a site, including pages, posts and sidebars.