Security News

Android Updates for July 2021 Patch Tens of High-Severity Vulnerabilities
2021-07-08 11:53

Google on Wednesday announced the availability of the July 2021 security updates for the Android operating system, which include patches for over 40 vulnerabilities. Seventeen of the vulnerabilities were addressed with the 2021-07-01 security patch level.

CISA Says Philips Vue Healthcare Products Affected by 15 Vulnerabilities
2021-07-07 15:49

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday published an advisory to inform organizations about a total of 15 vulnerabilities affecting Philips Vue healthcare products. The flaws, many of which exist in third-party components, affect several Philips Clinical Collaboration Platform Portal products, including MyVue, Vue Speech and Vue Motion, CISA said.

Vulnerabilities in WAGO Devices Expose Industrial Firms to Remote Attacks
2021-07-02 11:24

Several critical and high-severity vulnerabilities have been identified in programmable logic controller and human-machine interface products made by WAGO, a German company specializing in electrical connection and automation solutions. "By chaining the shared memory overflow vulnerability and the out-of-bound read vulnerability, we were able to create a full blown pre-auth remote code execution to take over any WAGO PFC100/200 device remotely," Katz told SecurityWeek.

Microsoft warns of serious vulnerabilities in Netgear's DGN2200v1 router
2021-07-01 17:45

Netgear has patched serious security vulnerabilities in its DGN2200v1 network router, following the discovery of "very odd behaviour" by a Microsoft security research team - a somewhat understated way of saying that attackers can gain "complete control over the router." As a result, it's possible for remote attackers to take over the router at any time - as discovered by members of the Microsoft 365 Defender Research Team.

High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products
2021-06-29 12:58

Germany-based industrial solutions provider Phoenix Contact last week informed customers that a total of 10 vulnerabilities have been identified across several of the company's products. According to advisories published by Phoenix Contact and Germany's , which coordinates cybersecurity issues related to industrial automation, the vulnerabilities were reported to the company by various researchers and companies.

Malvuln Project Catalogues 260 Vulnerabilities Found in Malware
2021-06-29 11:38

Malvuln has catalogued hundreds of vulnerabilities discovered in malware, and while the project has yet to actually prove useful to anyone, its developer is not discouraged. Malvuln, an interesting project of security researcher John Page, catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited.

5G Security Vulnerabilities Fluster Mobile Operators
2021-06-28 21:17

As 5G private networks roll out in the coming years, security may be a key issue for enterprises. A survey released at Mobile World Congress on Monday shows that major gaps persist in security capabilities among mobile operators.

Vulnerabilities Expose Fortinet Firewalls to Remote Attacks
2021-06-25 11:08

A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall can be exploited to execute arbitrary commands. Rey Medov, a researcher at Russian enterprise cybersecurity firm Positive Technologies, discovered that the FortiWeb firewall - specifically its management interface - is affected by a vulnerability that can allow a remote, authenticated attacker to execute commands on the system via the SAML server configuration page.

You won't want that Linux bling if it comes from Pling: Marketplace platform has critical vulnerabilities
2021-06-24 22:00

Pling presents itself as a marketplace for creative folk to upload Linux desktop themes and graphics, among other things, in the hope of making a few quid from supporters. It comes in two parts: code needed to run your own bling bazaar, and an Electron-based app users can install to manage their themes from a Pling souk.