Security News > 2020 > April

Microsoft is thinking a lot about how to protect machine learning systems. As the paper points out, a lot of work has been done in finding ways to attack machine learning, but not much on how to defend it.

Adobe has pushed out security updates fixing critical flaws in Magento Commerce, Open Source Enterprise and Community editions, Adobe Illustrator 2020 for Windows, and Adobe Bridge for Windows. The Adobe Illustrator vector graphics editor has been updated to close five critical memory corruption vulnerabilities that could be exploited for arbitrary code execution.

An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. "The irony of an EU-funded website about GDPR having security issues isn't lost on us," mused the security consultancy.

Updates released by Adobe on Tuesday for the Magento Commerce and Open Source editions address multiple critical severity vulnerabilities that could lead to arbitrary code execution. A total of six critical vulnerabilities were patched in the popular e-commerce platform, none of which requires authentication for successful exploitation.

While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed. "We have found that immersive, live virtual event platforms offer the opportunity for interacting with exhibitors, solution providers and peer-to-peer networking. Surprisingly, with respect to otherwise introverted attendees, we've found they're more likely to reach out for networking than at a physical event. While the 'happy hour' might not be quite the same, virtual event platforms have thought through almost every facet of the physical event experience."

While the rate of fraud for ACH payments is relatively low, there is always a risk of bad actors whenever money is moving. When it comes to securing your money transfers, here is everything you need to know about assessing the risks involved in ACH payments.

"The goal of the survey was to take the pulse of the cybersecurity community as many of their organizations began to shift their employee bases and operations to remote work setups in March and April," said Wesley Simpson, COO of (ISC)². 96% of respondents' organizations have closed their physical work environments and moved to remote work-from-home policies for employees; nearly half said this was the case for all employees, while 49% indicated that at least some employees are working remotely.

Adobe on Tuesday announced that the latest updates for its Bridge and Illustrator products patch 22 vulnerabilities, including many that have been rated critical. A total of 17 vulnerabilities have been fixed with the release of Adobe Bridge 10.0.4 for Windows and macOS. The critical flaws have been described as stack-based buffer overflow, heap overflow, out-of-bounds write, use-after-free, and other memory corruption issues that can lead to arbitrary code execution.

Giving users of smart assistants the option to adjust settings for privacy or content delivery, or both, doesn't necessarily increase their trust in the platform, according to a team of Penn State researchers. Trust in Amazon Alexa went up for regular users who were given the option to adjust their privacy and content settings, the researchers found in a recent study.

Earlier in the quarter, there was a sharp decline in human-driven attacks originating from low-cost 'sweatshop' resources. Automated attacks are easier to scale up quickly, allowing fraudsters to quickly take advantage of the changing digital landscape.