Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat
If you're using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers.
New Android Malware Steals Banking Passwords, Private Data and Keystrokes
NA new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.
Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild
It's April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely.
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe.
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history.
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
Adobe Releases First 2020 Patch Tuesday Software Updates
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator.
It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.
Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.
5 of the 9 security vulnerabilities are 'critical' in severity, and all of them affect Adobe Illustrator CC versions 24.0 and earlier, which were reported to the company by Fortinet's FortiGuard Labs researcher Honggang Ren.
According to an advisory published by Adobe, all five critical issues in Adobe Illustrator software are memory corruption bugs that could allow an attacker to execute arbitrary code on targeted systems in the context of the current user.
The rest 4 security vulnerabilities affect Adobe Experience Manager—a comprehensive content management solution for building websites, mobile apps, and forms—none of which are critical in severity but should be patched at your earliest convenience.
That's also because Adobe has marked security updates for Adobe Experience Manager with a priority rating of 2, which means similar flaws have previously been seen exploited in the wild, but for now, the company has found no evidence of any exploitation of these vulnerabilities in the wild.
These reported issues—which include: reflected cross-site scripting, user interface injection, and expression language injection—affect multiple versions of Adobe Experience Manager, all leading to sensitive information disclosure, where three of them are important in severity and one moderate.
Adobe today released Illustrator CC 2019 version 24.0.2 for Windows operating system and patches for Adobe Experience Manager versions 6.3, 6.4, and 6.5.
Adobe recommends end-users and administrators to install the latest security updates as soon as possible to protect their systems and businesses from potential cyber-attacks.