Security News

The company released three new High priority Security Notes and 10 Medium priority notes this month. The Hot News Security Note is an update for the supported Chromium version in SAP Business Client, which was initially released on April 2018 Patch Day.

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer that is actively being exploited. A dozen of the vulnerabilities Microsoft patched today are rated "Critical," meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.

To mark the occasion, Microsoft has released fixes for 99 vulnerabilities - 12 critical, one of which is being exploited in the wild - and Adobe 42, most of which are critical and none actively exploited. Microsoft fixed nearly 100 vulnerabilities this Tuesday, interspersed through a number of products: Windows, Edge, IE, SQL Server, Exchange Server, Office, and more.

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. All supported versions of Microsoft Windows also contain a critical RCE flaw that an attacker with a domain user account can exploit to execute arbitrary code on the targeted system with elevated permissions.

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. All supported versions of Microsoft Windows also contain a critical RCE flaw that an attacker with a domain user account can exploit to execute arbitrary code on the targeted system with elevated permissions.

Wuhan coronavirus exploited to deliver malware, phishing, hoaxesThe Wuhan coronavirus continues to spread and create anxiety across the globe, allowing malicious individuals and groups to exploit the situation to spread fake news, malware and phishing emails. USB armory Mk II: A secure computer on a USB stick featuring open source hardware designThe hardware security professionals at F-Secure have created a new version of the USB armory - a computer on a USB stick built from the ground up to be secure.

More than 80 percent of organizations impacted by CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller and Gateway, have already taken steps to secure their deployments. The security bug impacts multiple versions of Citrix ADC and Gateway, but Citrix has already released permanent patches for all of them, as attacks started to ramp up.

Originally planned for Q4 2019, Microsoft has pushed the first part of this update out to March 2020. As explained in the advisory, the "Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing."

Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack. Positive Technologies today estimated that thousands of companies remain open to the takeover vulnerability in Citrix ADC and Gateway.

US-based cyber hygiene and patch management company Automox this week announced that it has raised $30 million in a Series B funding round, which brings the total raised by the firm to $42 million. Automox says it will use the money to improve its platform and expand sales and marketing teams.