Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify … [Read more...] about 3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies
Products
SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products
Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special … [Read more...] about SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products
128 vulnerabilities in Microsoft products
In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a good idea update the operating system and other products as soon … [Read more...] about 128 vulnerabilities in Microsoft products
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified … [Read more...] about Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the … [Read more...] about Critical Unpatched VMware Flaw Affects Multiple Corporates Products
SMB Cybersecurity: More products, more problems?
The importance of a simplified approach to security As cybercriminals continue to find new ways to breach security defenses, keeping your organization secure may start to feel overwhelming. Security teams are constantly striving to stay ahead, but it can be difficult to decide what to prioritize. So, in a sea of new security products and recommendations, how can small and … [Read more...] about SMB Cybersecurity: More products, more problems?
Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products.Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks … [Read more...] about Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
WebAuthn Passwordless Authentication Now Available for Atlassian Products
Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects.Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile … [Read more...] about WebAuthn Passwordless Authentication Now Available for Atlassian Products