Palo Alto Networks fixes critical flaw in PAN-OS firewall software

Posted by & filed under Alerts.

Palo Alto Networks has fixed a new critical vulnerability affecting multiple versions of PAN-OS, the operating system of its next-generation firewalls. The issue is tracked as CVE-2020-2040, has a severity score of 9.8 out of 10, and requires no user interaction. An unauthenticated attacker can exploit it by sending a malicious request to specific interfaces…

Researchers detail bug in wireless devices impacting critical sectors

Posted by & filed under Alerts.

A vulnerability affecting components used in millions of critical connected devices in the automotive, energy, telecom, and medical sectors could let hackers hijack the device or access the internal network. In some cases, the flaw is remotely exploitable over 3G. Researchers found it in the Cinterion EHS8 M2M module from Thales (formerly from Gemalto, acquired by…

Cisco fixes critical pre-auth flaws allowing router takeover

Posted by & filed under Alerts.

Cisco today released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices that could lead to full device takeover. Cisco also issued a security update to patch a privilege escalation vulnerability in the Cisco Prime License Manager software. According to the…

Adobe fixes critical bugs in Creative Cloud, Media Encoder

Posted by & filed under Alerts.

Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder. The rest of the 13 security flaws patched today could lead to privilege escalation via Lack of Exploit Mitigations, insecure file…

Critical SAP Recon flaw exposes thousands of customers to attacks

Posted by & filed under Alerts.

SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. The RECON (short for Remotely Exploitable Code On NetWeaver) vulnerability is rated with a maximum CVSS score of 10 out…