Security News

Google today announced the expansion of the Open Source Vulnerabilities database to include information on bugs identified in Go, Rust, Python, and DWF open source projects. Launched in February 2021 with details on thousands of vulnerabilities from Google's OSS-Fuzz project, the OSV database is meant to provide automated, improved vulnerability triage for both developers and users of open source software.

Germany-based industrial solutions provider Weidmueller on Wednesday informed customers that it has patched a dozen vulnerabilities affecting some of its industrial WLAN devices. Weidmueller provides a wide range of connectivity, electronics, automation, assembly and workplace products to organizations worldwide, particularly in the machinery, energy, device manufacturing, transportation, process, and building infrastructure sectors.

An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot environment, Eclypsium researchers have found. The vulnerabilities affect 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. The problem resides in the BIOSConnect feature of Dell SupportAssist, a solution that comes preinstalled on most Windows-based Dell machines and helps users troubleshoot and resolve hardware and software problems.

A BlueVoyant report highlights critical vulnerabilities within the defense supply chain ecosystem. Cybersecurity gaps were identified in the subcontractors' security practices to garner a better understanding of the security posture of less visible members of the complex defense supply chain.

Multiple vulnerabilities recently patched in Zephyr's Bluetooth LE stack could be exploited to cause denial of service conditions, prevent further connections, or even leak sensitive information, according to a warning from researchers at the Synopsys Cybersecurity Research Center. The platform includes support for multiple network protocols, including the full Bluetooth LE stack.

Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack - unless upgraded to a patched version of the OS. A security advisory released by Synopsys this afternoon highlights eight key vulnerabilities in Zephyr's Bluetooth Low Energy software stack. The vulnerabilities, discovered through use of Synopsys's Defensics fuzzing software, are exploitable when the devices are in advertising mode and accepting connections from remote devices - putting a wide range of gadgets at risk.

Eight vulnerabilities discovered in the Drawings software development kit made by Open Design Alliance impact products from Siemens and likely other vendors. Dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file.

A researcher has identified several vulnerabilities, including ones that have been rated high severity, in Cisco's Small Business 220 series smart switches. The vulnerabilities were discovered by security researcher Jasper Lievisse Adriaanse, and they impact switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled - the interface is enabled by default.

Vulnerabilities in firmware are a steadily growing percentage of the new issues added to the NIST National Vulnerability Database: five times as many attacks are happening as only four years ago. All that is why Microsoft is buying ReFirm Labs, home of the open-source Binwalk tool, whose Centrifuge firmware platform automates the process of running static analysis to discover what firmware vulnerabilities you're already exposed to.

Dynatrace announced its new Davis Security Advisor, an AI-powered enhancement to the Dynatrace Application Security Module that automatically surfaces, prioritizes, and details the software libraries and open-source packages representing the greatest risk to an organization. This empowers DevSecOps teams to make more informed, real-time decisions and address the most critical vulnerabilities first, which allows them to reduce the risk facing their organization with greater confidence and efficiency, leaving more time to drive innovation.