Citrix has made available a new permanent fix for a critical vulnerability CVE-2019-19781 in affected versions of Citrix SD-WAN WANOP. The update comes nearly five days after Citrix provided firmware updates for the same vulnerability in Application Delivery Controller (ADC) and Citrix Gateway products. An unauthenticated attacker could exploit the vulnerability and execute arbitrary code.
Cisco has patched a high-risk vulnerability CVE-2020-3142 in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites. An unauthenticated actor could join a password-protected meeting without inputting the meeting password.
Cisco has patched a critical vulnerability CVE-2019-16028 in the web-based management interface of Cisco Firepower Management Center (FMC). An unauthenticated, remote attacker could bypass authentication and execute arbitrary code on impacted FMC devices.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new warning of increased Emotet malware attacks.
Samba has released software updates for three security vulnerabilities that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to "identify interesting features in source code" and can help developers understand the software components their apps use.
Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.
Google has released Chrome 79.0.3945.130 for Windows, Mac and Linux. The update includes 11 security fixes.
Oracle has released its Critical Patch Update for January 2020 to include 334 vulnerability fixes across multiple products. The company also continues to receive reports of remote attackers attempting to maliciously exploit unpatched vulnerabilities.
Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.