Security News

Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. Tracked as CVE-2021-0397 and affecting Android 8.1, 9, 10, and 11 releases, the security issue could allow an attacker to execute code remotely on a vulnerable device.

The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January. Jailbreaks remove restrictions and give users greater control over their iPhone or iPad. The developers of the jailbreak named Unc0ver recently announced the availability of version 6.0.0, which they claim works on all versions of iOS between 11.0 and 14.3 on many iPhones and iPads, including the iPhone 12 Pro launched a few months ago.

A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult. Genua Genugate is a firewall designed for protecting internal networks against external threats, segmenting internal networks, and protecting machine-to-machine communications.

Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers. The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server.

Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.

Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator installed on the Application Services Engine. "A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device," Cisco explained.

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time.

A heavily downloaded Node.js library has a high severity command injection vulnerability revealed this month. Put simply, "Systeminformation" is a lightweight Node.js library that developers can include in their project to retrieve system information related to CPU, hardware, battery, network, services, and system processes.

Ep, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change. Ep combines the company's products - Tenable.io Vulnerability Management, Tenable.io Web Application Scanning, Tenable.io Container Security and Tenable Lumin - into one platform, enabling customers to see all of their assets and vulnerabilities in a single dashboard alongside key threat, exploit and prioritization metrics.

Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app. For these apps, companies will often use private libraries that they store inside a private package repository, hosted inside the company's own network.