Security News > 2020 > August

The SANS Institute has disclosed a security incident which resulted in 28,000 records of personally identifiable information being forwarded to an unknown email address. During the audit, the company identified a forwarding rule on one email account, meant to forward emails to an unknown external address.

The latest series of Patch Tuesday security updates for Windows 10 includes patches for 17 bugs marked 'Critical' and 97 listed as 'Important'. Microsoft has issued fixes for 120 vulnerabilities - including two zero-day exploits - in its latest Patch Tuesday security update for Windows 10.

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here....

August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one.

SAP this week announced the release of 15 new Security Notes as part of the August 2020 SAP Security Patch Day, including some that address serious vulnerabilities in NetWeaver. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to create and modify content and folders, as well as upload files.

"The better way to protect the user is to provide a more intuitive, more friendly experience and a more secure way through passwordless," Chik says. Remote working is a core scenario for Microsoft customers in enterprise, government and education for the rest of this calendar year, the next 12 months and likely beyond, Chik notes: "71% of employees and managers want to continue to work from home, especially when we don't have COVID vaccination, but even in a post-pandemic world, people want the flexibility of being able to work from home." That's helping to put security, identity and MFA in the top five investment areas for security leaders, although CISOs need to improve security for remote workers without reducing their productivity.

We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details. The infosec biz's Alexander Meier and Fabian Hag found the security hole and reported it to SAP in April.

Intel informed customers on Tuesday that it has patched many potentially serious privilege escalation vulnerabilities in its Server Board products. One advisory published by the tech giant describes over 20 vulnerabilities affecting Intel Server Boards, Server Systems and Compute Modules.

The Tor Project has confirmed someone, or some group, is in control of a large number of Bitcoin-snaffling exit nodes in its anonymizing network, and it's battling to boot them off. One observer reckons more than 23 per cent of the entire Tor network's exit capacity was under the command of one miscreant, or one group of miscreants, at one point in May, with the end goal being the theft of people's cryptocurrency.

Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. Play a video file - thanks to flaws in Microsoft Media Foundation and Windows Codecs.