Security News > 2020

Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Many security news sites are reporting that Microsoft addressed a total of four zero-day flaws this month, but it appears the advisory for a critical Internet Explorer flaw has been revised to indicate Microsoft has not yet received reports of it being used in active attacks.

A fifth flaw, was publicly disclosed but not exploited in the wild. Of more interest are the critical flaws in Hyper-V and VBScript that allow remote code execution via a guest account or a VBScript engine code break.

A new report from BleepingComputer found that cybercriminals are selling and trading the credentials for more than 500,000 Zoom accounts associated with companies like Chase and Citibank as well as schools like Dartmouth College, the University of Florida, and the University of Vermont. Earlier this month, a report from cybersecurity firm IntSights by cyber threat analyst Charity Wright and chief security officer Etay Maor found that there has been increased chatter across the dark web about ways to take advantage of the increased usage of Zoom globally.

Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. "The primary way would be to socially engineer a user into visiting a website containing the malicious code, whether owned by the attacker, or a compromised website with the malicious code injected into it. An attacker could also socially engineer the user into opening a malicious Microsoft Office document that embeds the malicious code."

For the April 2020 Patch Tuesday, Adobe plugs 5 flaws and Microsoft 113, three of which are currently being exploited by attackers. One of the patches fixes CVE-2020-0968, a RCE in Internet Explorer 11 and 9, which Microsoft initially flagged as being exploited in the wild.

Microsoft's Update Tuesday patches for April 2020 address 113 vulnerabilities, including three Windows flaws that have been exploited in attacks for arbitrary code execution and privilege escalation. Microsoft has patched two actively exploited remote code execution vulnerabilities related to the Adobe Type Manager Library.

This is a current list of where and when I am scheduled to speak: I'm being interviewed on "Hacking in the Public Interest" as part of the Black Hat Webcast Series, on Thursday, April 16, 2020 at...

Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. Overall Adobe patched flaws tied to five CVEs as part of its regularly scheduled security updates, Tuesday.

The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at least September 2019; it offers remote-access capabilities and has a few spyware aspects, including the ability to exfiltrate data from the victimized devices and networks.

One tech company is harnessing artificial intelligence, thermal imaging, and real-time surveillance data to mitigate the spread of the coronavirus. As the coronavirus pandemic continues to take its toll on populations and economies around the globe, governments and private industries are harnessing real-time monitoring solutions and artificial intelligence to mitigate the spread. However, these surveillance technologies also bring up a litany of concerns related to privacy, civil liberties, and data collection.