Security News

Cisco this week released patches for high-severity vulnerabilities in Business Process Automation and Web Security Appliance that expose users to privilege escalation attacks. An authenticated, remote attacker able to exploit these could elevate their privileges to administrator, Cisco warned in an advisory.

Google on Wednesday announced the availability of the July 2021 security updates for the Android operating system, which include patches for over 40 vulnerabilities. Seventeen of the vulnerabilities were addressed with the 2021-07-01 security patch level.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday published an advisory to inform organizations about a total of 15 vulnerabilities affecting Philips Vue healthcare products. The flaws, many of which exist in third-party components, affect several Philips Clinical Collaboration Platform Portal products, including MyVue, Vue Speech and Vue Motion, CISA said.

Several critical and high-severity vulnerabilities have been identified in programmable logic controller and human-machine interface products made by WAGO, a German company specializing in electrical connection and automation solutions. "By chaining the shared memory overflow vulnerability and the out-of-bound read vulnerability, we were able to create a full blown pre-auth remote code execution to take over any WAGO PFC100/200 device remotely," Katz told SecurityWeek.

Netgear has patched serious security vulnerabilities in its DGN2200v1 network router, following the discovery of "Very odd behaviour" by a Microsoft security research team - a somewhat understated way of saying that attackers can gain "Complete control over the router." As a result, it's possible for remote attackers to take over the router at any time - as discovered by members of the Microsoft 365 Defender Research Team.

Netgear has patched serious security vulnerabilities in its DGN2200v1 network router, following the discovery of "Very odd behaviour" by a Microsoft security research team - a somewhat understated way of saying that attackers can gain "Complete control over the router." As a result, it's possible for remote attackers to take over the router at any time - as discovered by members of the Microsoft 365 Defender Research Team.

Germany-based industrial solutions provider Phoenix Contact last week informed customers that a total of 10 vulnerabilities have been identified across several of the company's products. According to advisories published by Phoenix Contact and Germany's , which coordinates cybersecurity issues related to industrial automation, the vulnerabilities were reported to the company by various researchers and companies.

Malvuln has catalogued hundreds of vulnerabilities discovered in malware, and while the project has yet to actually prove useful to anyone, its developer is not discouraged. Malvuln, an interesting project of security researcher John Page, catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited.

As 5G private networks roll out in the coming years, security may be a key issue for enterprises. A survey released at Mobile World Congress on Monday shows that major gaps persist in security capabilities among mobile operators.

A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall can be exploited to execute arbitrary commands. Rey Medov, a researcher at Russian enterprise cybersecurity firm Positive Technologies, discovered that the FortiWeb firewall - specifically its management interface - is affected by a vulnerability that can allow a remote, authenticated attacker to execute commands on the system via the SAML server configuration page.