Security News > 2020 > June

If you use the Nextcloud mobile app, you'll want to password-protect it to ensure you don't leave your sensitive data open for anyone to see.

Zoom's chief executive revealed on Tuesday that free users will not be offered end-to-end encryption as the company wants to assist the FBI and local law enforcement in their investigations. Zoom has promised to take action and it has already started implementing measures that would help it address security and privacy concerns.

A new module for the infamous trojan known as TrickBot has been deployed: a stealthy backdoor that researchers call "BazarBackdoor." Panda Security describes BazarBackdoor as "enterprise-grade malware," and they linked it back to TrickBot because both pieces of malware share parts of the same code, along with delivery and operation methods.

ASE is used by more than 30,000 organizations globally - including 90 percent of the top banks and security firms worldwide, according to SAP. Researchers disclosed six vulnerabilities that they discovered while conducting security tests for the latest version of the software, ASE 16. While SAP has released patches for both ASE 15.7 and 16.0 in its May 2020 update, researchers disclosed technical details of the flaws on Wednesday, saying "There is no question" that the patches should be applied immediately if they haven't been already.

We couldn't believe it either - it's four weeks since Firefox's last regular security update. If you want to check your version numbers, Firefox 76.0 is now replaced by 77.0; Firefox 68.8.0ESR is now 68.9.0ESR, and the Tor Browser, based on Firefox ESR, is now at version 9.5 and based on 68.9.0ESR. As we've explained before but we'll mention again because it's useful to know, the first two numbers in the ESR version should add up to the leftmost number in the regular release.

If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.

VMware Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure. A few weeks back, security pen testing company Citadelo chanced upon what looks like a significant vulnerability while it was carrying out an audit for a VMware customer.

Amtrak, the national rail service for the US, has suffered a data breach that may have exposed some customers' logins and other personally identifiable information, the service has disclosed. The rewards program enables customers to earn points - by spending on travel, hotels, car rentals and more - that they can then apply to Amtrak purchases.

Cybersecurity firm Trustwave on Wednesday disclosed the details of several vulnerabilities found by its researchers in SAP Adaptive Server Enterprise. SAP ASE is a relational database management system that is used by many major organizations, particularly in the financial sector.

AppOmni has launched a cloud security posture management product called Enterprise Essentials designed to automate the process of achieving best security practices for all major SaaS platforms, and provide visibility into what is happening to sensitive data in the cloud. He said, "Salesforce is different from ServiceNow in basically every way that matters. The platform is different, the security model is different, trust anchors are different, sharing, data access, provisioning, governance... it's all different. The challenge is that there are so many levers, knobs and switches in each of these SaaS applications that it is really hard to understand where we are in line with best practices, and do we have the right controls in place. The security team, which has more to do than bandwidth to do it, doesn't have time to do six months of training for every SaaS application that their business relies on."