Security News
Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products. The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company's products.
VMware on Tuesday announced the availability of patches for vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool. According to VMware, a malicious actor that has network access to port 5989 on ESXi may send a specially crafted request to bypass SFCB authentication.
A lot of attention is being paid to continuously patching security vulnerabilities on Linux servers running in data centers, a basic step underpinning technology infrastructure in every industry. The survey finds 76% are deploying automated patching procedures and that live patching to fix vulnerabilities is commonly used to avoid the downtime normally associated with patching.
Adobe has released a giant Patch Tuesday security update that fixes vulnerabilities in Adobe Dimension, Illustrator, FrameMaker, Acrobat, Reader, and Bridge. In total, Adobe fixed 28 vulnerabilities with today's updates.
German software maker SAP has released 12 new security notes as part of its July 2021 security patch day, as well as updates for three previously released security notes. The most important of the new security notes deal with two high-severity vulnerabilities in NetWeaver.
Mitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers. Advisories describing the vulnerabilities were published this month by the U.S. Cybersecurity and Infrastructure Security Agency and Mitsubishi Electric.
IT management solutions provider Kaseya has released patches for the vulnerabilities exploited in the recent ransomware attack, and the company has also started restoring SaaS services. Kaseya shut down its VSA remote monitoring and management product on July 2, shortly after learning of a ransomware attack targeting the company and its customers.
Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers.
Researchers at cybersecurity firm Rapid7 have uncovered several vulnerabilities in the Sage X3 enterprise resource planning product, including flaws that can be exploited remotely without authentication to take complete control of a system. The critical flaw, tracked as CVE-2020-7388, has been described as an unauthenticated remote command execution issue.
Cisco this week released patches for high-severity vulnerabilities in Business Process Automation and Web Security Appliance that expose users to privilege escalation attacks. An authenticated, remote attacker able to exploit these could elevate their privileges to administrator, Cisco warned in an advisory.