Security News > 2020 > March

A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept exploit making an appearance on GitHub. The Apache Tomcat open-source web server supports various JavaScript-based technologies, including the Apache JServ Protocol interface, which is where the vulnerability resides.

Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company's DVR hardware.

Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company's DVR hardware.

Hackers are commandeering victims' Windows PCs by exploiting at least one remote-code-execution flaw in the Adobe Type Manager Library included with the Microsoft operating system. Redmond today warned of two flaws, not yet assigned CVE numbers, present in the font parser - and at least one has been exploited in a "Limited number of attacks" to hijack vulnerable computers.

The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. Since at least 2007, Web Listings Inc. has been sending snail mail letters to domain registrants around the world.

Called MalwareBazaar, the service is provided for free for both commercial and non-commercial usage, and only collects known malware samples, which are then shared with the community. Using the service, anyone can download as many malware samples as they like, search for samples by malware family name, fuzzy hashing and tags, and access additional information about malware samples distributed via email by using spamtrap data.

The home confinement of hundreds of millions of people worldwide to halt coronavirus contagion has presented intelligence services with a challenge: monitoring an explosion in internet traffic, above board and not, even as their own capacity is reduced. In a bid to curb virus contagion among their ranks, intelligence services are alternating teams at the office, like many other essential businesses and services continuing to function amid the unprecedented global lockdown.

Microsoft informed customers on Monday that it's working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles a "Specially-crafted multi-master font - Adobe Type 1 PostScript format."

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. "There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane," the company shared, and said that the Outlook Preview Pane is not an attack vector for this vulnerability.

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.