Security News
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD's mail server, comes another call to upgrade to the latest version, as two additional security holes have been plugged. CVE-2020-8794 is an out-of-bounds read flaw introduced in December 2015 and can - depending on the vulnerable OpenSMTPD version - lead to the execution of arbitrary shell commands either as root or as any non-root user.
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that has been reportedly exploited in the wild.
The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as 'critical' and 87 'important'. The first indication of the IE zero-day, now identified as CVE-2020-0674, appeared when Mozilla fixed a very similar issue in Firefox on 8 January, less than two days after the appearance of version 72.
The company released three new High priority Security Notes and 10 Medium priority notes this month. The Hot News Security Note is an update for the supported Chromium version in SAP Business Client, which was initially released on April 2018 Patch Day.
Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer that is actively being exploited. A dozen of the vulnerabilities Microsoft patched today are rated "Critical," meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.
To mark the occasion, Microsoft has released fixes for 99 vulnerabilities - 12 critical, one of which is being exploited in the wild - and Adobe 42, most of which are critical and none actively exploited. Microsoft fixed nearly 100 vulnerabilities this Tuesday, interspersed through a number of products: Windows, Edge, IE, SQL Server, Exchange Server, Office, and more.
A few hours after Adobe today released security updates for five of its widely distributed software products, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. All supported versions of Microsoft Windows also contain a critical RCE flaw that an attacker with a domain user account can exploit to execute arbitrary code on the targeted system with elevated permissions.
Wuhan coronavirus exploited to deliver malware, phishing, hoaxes
The Wuhan coronavirus continues to spread and create anxiety across the globe, allowing malicious individuals and groups to exploit the situation to spread fake news, malware and phishing emails.
USB armory Mk II: A secure computer on a USB stick featuring open source hardware design
The hardware security professionals at F-Secure have created a new version of the USB armory - a computer on a USB stick built from the ground up to be secure.