Security News

Microsoft fixes critical Outlook bug exploitable via preview pane
2020-10-14 12:43

The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a remote code execution vulnerability that can be triggered when previewing or opening maliciously crafted emails with a vulnerable Microsoft Outlook version. CVE-2020-16947 affects several Office products including Microsoft Outlook 2016 and Microsoft Office 2019, as well as Microsoft 365 Apps for Enterprise.

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
2020-10-13 20:44

Microsoft has pushed out fixes for 87 security vulnerabilities in October - 11 of them critical - and one of those is potentially wormable. "Coming in at 53 of the 87 vulnerabilities, patching the OS knocks out 60 percent of the vulnerabilities listed, along with over half of the critical RCE vulnerabilities resolved today."

Critical Flash Player Flaw Opens Adobe Users to RCE
2020-10-13 17:46

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player. Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.

Adobe Patches Critical Code Execution Vulnerability in Flash Player
2020-10-13 16:01

Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. "Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user," Adobe explained in its advisory.

Adobe fixes critical security vulnerability in Flash Player
2020-10-13 11:41

Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. Adobe Flash has long been a source of security vulnerabilities that allow attackers to install malware, execute commands, and take over computers when users visit malicious websites.

Researchers Get Big Bounties From Apple For Critical Vulnerabilities
2020-10-09 13:21

A team of researchers has received hundreds of thousands of dollars in bug bounties from Apple for reporting 55 vulnerabilities, including ones that exposed source code, employee and customer apps, warehouse software, and iCloud accounts. Researchers Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes decided in early July to take part in Apple's bug bounty program and attempt to find as many vulnerabilities as possible in the tech giant's systems and services.

Ransomware gang now using critical Windows flaw in attacks
2020-10-09 03:33

Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. Over the years, the actor has been involved in attacks delivering a wide variety of malware, from backdoors to ransomware.

Onapsis raises $55M to accelerate expansion into the mission-critical SaaS applications market
2020-10-07 23:00

The investment will be used to significantly scale the company through rapid expansion into the mission-critical SaaS applications market, starting with protection and compliance for Salesforce and SuccessFactors applications. This new support for mission-critical SaaS applications enables Onapsis to execute its vision of protecting the intelligent enterprise and accelerating digital transformation initiatives by delivering cybersecurity and compliance solutions for all mission-critical applications running on-premises and hosted on cloud Infrastructure as a Service, Platform as a Service and Software as a Service, as well as the API-based integrations between them.

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables
2020-10-07 15:50

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes - including a critical bug - and a feature that checks if users have any compromised passwords.

QNAP fixes critical flaws that could lead to device takeover
2020-10-07 13:13

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage devices. Helpdesk is the built-in app that comes with QNAP's NAS devices and allows admins to submit help requests to the QNAP support team over the Internet.