Security News
Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect. In total, Adobe fixed 29 vulnerabilities with today's updates.
Industrial control systems vendors and other organizations have published advisories to address a couple of serious denial of service vulnerabilities affecting a widely used licensing and DRM solution made by Germany-based Wibu-Systems. CodeMeter is designed to protect software against piracy and reverse engineering; it offers licensing management capabilities and includes security features that provide protection against tampering and other attacks.
Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology vendors. The vulnerabilities are collectively tracked as INFRA:HALT. The security holes, discovered by researchers from Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service attacks, information leaks, TCP spoofing, and DNS cache poisoning.
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors continue to exploit publicly known - and often dated - software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, the United Kingdom's National Cyber Security Centre, and the U.S. Federal Bureau of Investigation noted.
Armis researchers have unearthed critical vulnerabilities in Swisslog Healthcare's Translogic pneumatic tube system, which plays a crucial role in patient care in more than 3,000 hospitals worldwide. Attackers exploiting the vulnerabilities could gain complete control over the PTS network, negatively affect the functioning of the system and damage sensitive materials, compromise sensitive information, and interfere with the hospitals' workflows.
IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec. RandoriSec researchers discovered many critical and high-severity vulnerabilities in IP camera firmware made by UDP Technology, a South Korea-based company that provides digital video solutions for the security and IP surveillance industries.
A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years. "Collaboration is a crucial part of CISA's work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organizations should prioritize for patching to minimize risk of being exploited by malicious actors," said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity.
Industrial automation software provider CODESYS this month informed customers about a dozen vulnerabilities affecting various products. Vulnerabilities in CODESYS software could have serious implications considering that it's used in the industrial control systems made by several major companies.
Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals. In June, Zimbra released patches for multiple security issues in the webmail solution, including two bugs identified by Simon Scannell, a security researcher with SonarSource.
Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is offered as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform.