Security News > 2020 > April

Adobe has patched five vulnerabilities in its ColdFusion, After Effects and Digital Editions products, but none of the flaws appears too serious. In ColdFusion 2016 and 2018, Adobe addressed three important-severity vulnerabilities related to insufficient input validation, DLL hijacking, and improper access control.

Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware. Researchers have shed light on two recently uncovered malware campaigns: one targeting a Canadian government healthcare organization and a Canadian medical research university, and the other hitting medical organizations and medical research facilities worldwide.

Before getting into specifics, it's important to set the context and acknowledge that these recommendations are predicated on the fact that security teams are very familiar with IT networks but not OT networks. OT networks have no modern security controls, which provides an opportunity to build a security program from scratch.

Cyberattackers are disguising themselves as big name brands to execute phishing attacks, a Check Point Research report found. Phishing is known as a social engineering method criminals use to fraudulently steal information, which is then used to gain access to devices or networks, according to TechRepublic's phishing cheat sheet.

Google has decided to keep support for the File Transfer Protocol in Chrome a bit longer, after initially saying it would completely remove it in Chrome 82. Due to the lack of support for secure connections or proxies, the implementation of FTP in Chrome creates security risks for users.

A data set containing 3,954,416 Quidd user credentials was found on a prominent dark web hacking forum, Risk Based Security reports. The data discovered on the dark web, RBS security researchers say, is not up for sale, but access to it is not restricted.

While Zoom Video Communications is trying to change the public's rightful perception that, at least until a few weeks ago, Zoom security and privacy were low on their list of priorities, some users are already abandoning the ship. In the meantime, several governments and prominent companies have prohibited staff and employees from using Zoom for work.

Siemens has released six new advisories for its April 2020 Patch Tuesday updates, including three that inform customers about the impact of the SegmentSmack vulnerability on some of the company's industrial products. Researcher Juha-Matti Tilli discovered in 2018 that the Linux kernel was affected by two vulnerabilities that could be exploited to launch remote denial-of-service attacks by sending specially crafted packets to the targeted system.

OnePlus 7 Pro devices made by China-based smartphone manufacturer OnePlus Technology were affected by a vulnerability that could have been exploited to obtain users' fingerprints. Synopsys will release technical details at a later date, but a brief advisory made public on Tuesday reveals that the vulnerability could have been exploited by a malicious Android application with root privileges on the targeted OnePlus 7 Pro phone to obtain bitmap fingerprint images from the device's trusted execution environment, an area designed to keep sensitive data and code isolated and protected against unauthorized access.

The Wired article argued that it is essential to engineer a way to provide remote access to control system environments for critical infrastructure services such as water, electricity, and fuel refining during the coronavirus crisis. Through server replication, critical infrastructure sites enable 100% real-time visibility into protected networks, 100% protection from remote attacks, with a number of options for truly secure remote access in this time of crisis.