Citrix has made available a new permanent fix for a critical vulnerability CVE-2019-19781 in affected versions of Citrix SD-WAN WANOP. The update comes nearly five days after Citrix provided firmware updates for the same vulnerability in Application Delivery Controller (ADC) and Citrix Gateway products. An unauthenticated attacker could exploit the vulnerability to execute arbitrary code.
Cisco has patched a high risk vulnerability CVE-2020-3142 in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites. An unauthenticated actor could join a password-protected meeting without inputting the meeting password.
Cisco has patched a critical vulnerability CVE-2019-16028 in the web-based management interface of Cisco Firepower Management Center (FMC). An unauthenticated, remote attacker could bypass authentication and execute arbitrary code on impacted FMC devices.
Security firm Verint analyzed the top 20 vulnerabilities to patch now, all of which are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization's patch management efforts.
Microsoft issued an out-of-band security update for a SharePoint Server vulnerability CVE-2019-1491.
The CERT Coordination Center (CERT/CC) has released a security advisory for multiple "SACK Panic" vulnerabilities that impact Linux kernels. A related flaw also impacts FreeBSD.
Mozilla has released Firefox version 67, ESR 60.7 and Thunderbird 60.7 to address multiple vulnerabilities.
Oracle has released its Critical Patch Update for January 2019 to include 284 vulnerability fixes across multiple products. Oracle continues to receive reports of remote attackers attempting to maliciously exploit unpatched vulnerabilities.
Attackers are using a variant of the infamous Mirai IoT botnet dubbed "Miori" to exploit a Remote Code Execution (RCE) vulnerability in ThinkPHP, a free open-source PHP framework.
A security researcher going by the name of SandboxEscaper has published a new proof-of-concept (PoC) online for a new zero-day vulnerability that impacts Windows systems.