Security News

Citrix on Tuesday released patches to address multiple vulnerabilities in Citrix Endpoint Management, which allow an attacker to gain administrative privileges on affected systems. The severity of the identified vulnerabilities, which carry the CVE identifiers CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212, differs based on the installed version of XenMobile.

Adobe on Tuesday informed customers that it has patched 26 vulnerabilities in its Acrobat and Reader products, including 11 critical flaws that can be exploited to bypass security features and for arbitrary code execution. The remaining two critical vulnerabilities can allow an attacker to bypass security features.

A series of vulnerabilities affecting Samsung's Find My Mobile could have been chained to perform various types of activities on a compromised smartphone, a researcher from Portugal-based cybersecurity services provider Char49 revealed at the DEF CON conference on Friday. Find My Mobile is designed to help users find lost Samsung phones.

Security researchers have identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks. The proprietary subsystem is licensed for programming to OEMs and a small number of application developers, and the code running on DSP is signed, but the security researchers have identified ways to bypass Qualcomm's signature and run code on DSP. Vendors can build software for DSP using the Hexagon SDK, and serious security flaws in the development kit itself have resulted in hundreds of vulnerabilities being introduced in code from Qualcomm and partner vendors.

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. The Kr00k vulnerability, which allows attackers to decrypt wireless communications, only affects Wi-Fi chips from Broadcom and Cypress, but ESET researchers discovered recently that similar vulnerabilities also exist in chips made by MedaTek and Qualcomm.

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data-and even run stealthy malware as a sub-process of a trusted application. After Ahmed privately reported the issues to Zoom in April and subsequently in July, the company issued a fix on August 3.

Researchers have identified more than 30 vulnerabilities across 20 popular content management systems, including Microsoft SharePoint and Atlassian Confluence. "In the most simple attack scenario, the attacker has access to the target CMS applications such as regular Sharepoint users being able to create their own sites and therefore being able to provide their own templates," Muñoz explained.

Vulnerabilities found in protocol gateway devices can facilitate stealthy attacks on industrial systems, enabling threat actors to obtain valuable information and sabotage critical processes. Protocol gateways are small devices designed to ensure that various types of IT and OT devices can communicate with each other even if they use different protocols.

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities. The 2020-08-01 security patch level addresses 14 high-severity vulnerabilities in the Framework, Media Framework, and System components.

Two high-risk vulnerabilities in Meetup, a popular online service that's used to create groups that host local in-person events, allowed attackers to easily take over any Meetup group, access all group functions and assets, and redirect all Meetup payments/financial transactions to their PayPal account. What's more, attackers could create a worm to take over all meetings on the site - including private ones - and do all of these things.