Security News > 2020 > March

The Cyberspace Solarium Commission is a modern iteration of Eisenhower's original 1953 Project Solarium. "Technological change is outpacing the U.S. government's ability to adapt," notes the CSC. As Tom Gann, chief public policy officer at McAfee comments, "Cybersecurity is everyone's responsibility. No one industry, sector, government or individual can adequately address the cyber challenges we face from nation-state actors and other adversaries. The Solarium Commission rightly notes that turning the tide on cyber threats must involve federal, state, local and tribal governments as well as industry, academia and individuals."

Threat intelligence provider Sixgill has announced a new product that allows organizations to integrate a real-time, actionable dark web data feed into any security platform. The newly introduced Darkfeed contains a list of malicious indicators of compromise such as domains, file hashes, and IP addresses that have been extracted from the dark web.

Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion, and Bridge. A total of 13 flaws were patched in Acrobat and Reader for Windows and macOS, nine of which are rated critical severity, leading to arbitrary code execution in the context of the current user.

VMware announced on Tuesday that it has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, Remote Console or Horizon Client are installed. The vulnerability, tracked as CVE-2020-3950 and classified as high severity, is related to the improper use of setuid binaries, and it impacts Fusion 11.x, VMRC 11.x and prior, and Horizon Client 5.x and prior.

Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from with your Android device. Did you know that you are actually in control of what personal information people see when you create or share content within the Google ecosystem, such as YouTube and Google Drive? If you're serious about your privacy, this is something you should certainly want to take control of.

Despite all the new technologies, strategies, and artificial intelligence being employed by security experts and threat actors alike, one thing remains constant: the human element. Most organizations continue to invest the largest chunk of their security budget on protecting the network perimeter rather than focusing on security controls which can protect against the leading attack vector: privileged access abuse.

Adobe failed to release security updates on March 2020 Patch Tuesday, but has pushed them out this Tuesday, for Acrobat and Reader, Photoshop, ColdFusion, Experience Manager, Bridge, and Genuine Integrity Service. The heftiest updates are those for Photoshop and Acrobat and Reader for Windows and macOS. The Photoshop updates fix 16 vulnerabilities that could be exploited for arbitrary code execution in the context of the current user and 6 that could lead to disclosure of information.

There are ways to protect yourself from this type of malware, as described by Cybereason. In a blog post published on Wednesday entitled "Just Because You're Home Doesn't Mean You're Safe," Cybereason discussed the different types of coronavirus-themed malware and how and where they're being used.

Most ransomware is deployed after hours, and usually several days after the initial compromise, newly published research from FireEye reveals. While performing an analysis of dozens of incidents between 2017 and 2019, FireEye discovered common characteristics related to infection vectors, dwell time, and time of day of ransomware deployment, while also identifying innovations that operators adopted to maximize profits.

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. In this most recent group, Adobe Photoshop had the most vulnerabilities fixed, with 22 CVEs addressed overall, 16 of which were critical: "Adobe has released updates for Photoshop for Windows and macOS. These updates resolve multiple critical and important vulnerabilities," according to Adobe's advisory.