Security News, July 2020

TomTom bill bomb: Why am I being charged for infotainment? I sold my car last year, rages Reg reader
A UK man who woke up one morning to discover his bank account being charged for satnav services linked to a car he'd sold months previously has expressed his frustration at Mazda and TomTom over the strange affair. His vehicle included a dashboard-mounted in-car entertainment suite powered by TomTom, which later proved to be the source of some strange goings-on that cost him money and made him fear that his personal data had been saved by the car and was now allowing someone else to bill him for the in-car satnav.

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller, Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins to apply them as soon as possible to reduce risk. On Thursday SANS ISC's Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot.

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. The vulnerability has been discovered by a researcher who reported it to Acros Security, who then reported the flaw to the Zoom security team earlier today.

Despite these record CVE numbers, the actual number of updates has been down; we haven't seen Exchange or SQL Server updates in a while. Keep your eyes open on Tuesday to see if these CVEs show up in the cumulative monthly update.

Public cloud adoption continues to surge, with roughly 83% of all enterprise workloads expected to be in the cloud by the end of the year. While cloud adoption has transformed the way applications are built and managed, it has also precipitated a radical rethink of how to approach security.

Such techniques and practices form a key part of endpoint security and help protect both computer systems and sensitive data assets from loss, as well as security threats that can be deployed via physical plug-in USB devices. The most authoritarian approach is to block the use of USB devices altogether, either by physically covering endpoint USB ports or by disabling USB adapters throughout the operating system.

Analysis of the overall results, which are some of the first to emerge from the pandemic, found that while companies excelled in the areas of traditional management, technology systems were rated by employees as outdated and inefficient for company performance. Study participants gave their companies high marks in areas of goal setting, alignment, and inspiring performance - meaning that even with the disruption of office closures, workers feel supported by and aligned with their employer while working remotely.

A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server. OpenClinic GA is described as an "Integrated hospital information management system covering management of administrative, financial, clinical, lab, x-ray, pharmacy, meals distribution and other data." The product is used worldwide and it has been downloaded nearly 120,000 times from SourceForge.

Alfresco Software, an open source content services provider, announced the availability of Alfresco Policy and Procedures as a Service, a new Content Accelerator hosted in Alfresco Cloud. Alfresco Policy and Procedures as a Service is a no-code, tailored solution accelerator using modern search features and reporting tools that enables business users to quickly and easily locate, change, approve, and release both simple business procedures and more complex and regulated manufacturing and operations documents.

With this offering, enterprises get the exact same complete set of modern cloud services, APIs, industry-leading SLAs, superior price-performance, and highest levels of security available from Oracle's public cloud regions in their own datacenters. Over the past few years, enterprise adoption of public clouds has gone mainstream as companies took advantage of the pay-as-you-go economics, scale, and agility of cloud computing.