Security News

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability. According to the virtualization giant, the repair operation in VMware Tools 10.x.y is affected by a race condition that allows an attacker who has access to the guest virtual machine to escalate their privileges.

Adobe's January 2020 Patch Tuesday updates address several vulnerabilities in the company's Illustrator and Experience Manager products. While the vulnerabilities have been assigned a severity rating of critical, their priority rating is 3, which means Adobe does not expect any of them to be exploited in attacks.

The security company Check Point has revealed several vulnerabilities in TikTok, the popular Chinese video app that has raised concerns lately from the U.S. military and lawmakers. Check Point says it reported the issues to TikTok on Nov. 20 and Tiktok fixed them by Dec. 15.

Google on Monday published the first Android security bulletin for 2020, with patches for 40 vulnerabilities, including a critical flaw in the Media framework. The Android Security Bulletin for January 2020 was split into two parts: the first addresses 7 vulnerabilities in Framework, Media framework, and System, while the second includes fixes for 33 security flaws in Kernel, Qualcomm, and Qualcomm closed-source components.

Two high-severity buffer overflow vulnerabilities patched in the OpenCV library could lead to arbitrary code execution. OpenCV is an open source library that contains over 2,500 optimized computer vision and machine learning algorithms and which aims to accelerate the use of machine perception in commercial products.

Cisco on Thursday informed customers that it has released software updates for its Data Center Network Manager product to address several critical and high-severity vulnerabilities. All of the serious vulnerabilities patched in DCNM were reported to Cisco by researcher Steven Seeley of Source Incite.

Multiple critical vulnerabilities in Ruckus Wi-Fi routers used throughout the world were disclosed at the 36th Chaos Communication Congress in Leipzig, Germany, held from December 27-30, 2019. Although the devices examined were from the Ruckus Unleashed stable, Zror told SecurityWeek, "I believe the same issues will affect the Ruckus regular routers and other Ruckus devices. Without pre-authentication," he continued, "I can run my own code on those devices. The implication is that I can upload my own malware into the router, and manipulate all the router activity, as I wish. From there I can access any other network, including the corporate network, that may be connected or may also use Ruckus devices."

Two high-severity vulnerabilities recently addressed in the Big Monitoring Fabric application could allow an attacker to remotely access affected systems. Developed by Big Switch Networks, Big Monitoring Fabric is a hybrid cloud visibility and security solution designed to provide customers with the ability to monitor physical, virtual and cloud environments, all through a single dashboard.

Several critical vulnerabilities found by Cisco Talos researchers in programmable logic controllers (PLCs) made by WAGO can be exploited remotely for arbitrary code execution and denial-of-service...

F-Secure consultants have discovered several exploitable vulnerabilities in Barco’s ClickShare wireless presentation system. Attackers can use the flaws to intercept and manipulate information...