In Brief: Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear.
The equipment maker has emitted fixes or updates for multiple CVE-listed vulnerabilities in the Treck IP stack (the Ripple20 bugs), Data Center Network Manager, and SD-WAN. Those patches should be applied ASAP.
A high-rated path traversal vulnerability was patched in the Adaptive Security Appliance and Firepower Threat Defense software.
Additionally, there were five high-rated bulletins posted for flaws in Data Center Network Manager, as well as another three for security issues considered to be medium-level risks.
Admins are advised to test and install any applicable patches as soon as possible.
China's got the Pope on the ropes
China is being blamed for a series of attacks on networks at the Vatican.
Analyst house Recorded Future said [PDF] Chinese state-sponsored hacking crews took aim at the Catholic church to gain intel ahead of talks between the Vatican and the Chinese Communist Party (CCP) set to take place this September.
The researchers attributed the attacks to RedDelta, a hacking group assumed to be working on behalf of the Chinese government, armed with hacking and monitoring software that is shared between a number of other state-sponsored hacking operations.
"Due to RedDelta's targeting of organizations that heavily align to Chinese strategic interests, use of shared tooling traditionally used by China-based groups, and overlaps with a suspected Chinese state-sponsored threat activity group, Insikt Group believes that the group likely operates on behalf of the People’s Republic of China (PRC) government," says Recorded Future.
KDE warns of archiving flaw
It may or may not be the year of Linux on the desktop, but it's the week of KDE getting pwned on Linux desktops.
KDE has issued an alert over CVE-2020-16116, an arbitrary file write vulnerability in Ark.
The flaw is due to improper handling of archives and allows a malicious archive to write files outside of the extraction directory. In practice, this means a dodgy archive downloaded from the internet could place command scripts in the file system that are automatically run when the user logs in, gaining code execution on the victim's box.
Users are advised to update their copies of Ark to version 20.08.0 or later. A patch for older versions is also available.
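As an added illustration of this bug class (not Ark's code, and not the specific trigger for CVE-2020-16116, which the alert summary above does not detail), the Python sketch below audits a zip archive's entry names before extraction and reports any that would resolve outside the destination directory. The function names, the destination path and the sample archive are all constructed for this example.

```python
import io
import os
import zipfile


def escapes(dest: str, member: str) -> bool:
    """True if extracting `member` under `dest` would land outside `dest`."""
    root = os.path.realpath(dest)
    # Join, then resolve: ".." components are collapsed, and an absolute
    # member name replaces the root entirely (os.path.join semantics).
    target = os.path.realpath(os.path.join(root, member))
    return os.path.commonpath([root, target]) != root


def audit_zip(data: bytes, dest: str) -> list:
    """Return the entry names in a zip (given as bytes) that would escape dest."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # namelist() returns the names exactly as stored in the archive.
        return [name for name in zf.namelist() if escapes(dest, name)]


def build_sample() -> bytes:
    """Constructed sample archive: two benign entries, two that traverse."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("docs/../notes.txt", "ok")  # stays inside once normalised
        zf.writestr("../outside.txt", "x")      # climbs out of the destination
        zf.writestr("/tmp/absolute.txt", "x")   # absolute path
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical destination; it does not need to exist for the check.
    for name in audit_zip(build_sample(), "/tmp/extract-here"):
        print("refusing archive, unsafe entry:", name)
```

This checks entry names only; archive formats that can carry symbolic links (tar, for example) also need the link targets validated before anything is written.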
Dallas cop caught uploading child abuse images
A Texas police officer has been arrested and charged with sharing child sex abuse images.
35-year-old Daniel Lee Collins, a senior corporal with the Dallas Police Department's auto theft unit, is believed to have used the city's own IT network to upload the explicit images to a pair of accounts he owned.
The images were flagged by Google as child abuse imagery and turned over to investigators, who found that the same accounts were also accessed from Collins' home.
The officer was arrested and charged with one count of transportation of child pornography.
"Law enforcement officers take an oath to protect and serve," US Attorney Erin Nealy Cox said of the case. "This defendant allegedly undermined that vow, preying upon our most vulnerable." ®