Microsoft September 2020 Patch Tuesday fixes 129 vulnerabilities
www.zdnet.com/article/microsoft-september-2020-patch-tuesday-fixes-129-vulnerabilities/ Twenty critical remote code execution bugs have been patched this month, including in Windows and SharePoint enterprise servers. See also: isc.sans.edu/diary/rss/26544
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
threatpost.com/critical-adobe-flaws-attackers-javascript-browsers/159026/ Adobe patched 11 bugs overall in its Experience Manager; five of those are rated critical severity, and the rest are “important” severity. The critical flaws are all XSS glitches
Intel fixes critical flaw in corporate remote management platform
www.bleepingcomputer.com/news/security/intel-fixes-critical-flaw-in-corporate-remote-management-platform/ Intel today addressed nine security vulnerabilities with the release of the September 2020 Platform Update, one of them being a critical flaw impacting the Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms. See also:
www.intel.com/content/www/us/en/security-center/default.html
Researcher reveals Google Maps XSS bug, patch bypass
www.zdnet.com/article/researcher-reveals-google-maps-xss-bug-patch-bypass/ The bounty was doubled after the bug bounty hunter realized the original fix had failed.
France, Japan, New Zealand warn of sudden spike in Emotet attacks
www.zdnet.com/article/france-japan-new-zealand-warn-of-sudden-spike-in-emotet-attacks/ N.B. In addition to the countries mentioned in the article Finland and Norway have also released warnings about Emotet activity in recent weeks. NCSC-FI:
www.kyberturvallisuuskeskus.fi/en/emotet-malware-actively-spread-finland. NorCERT:
DoppelPaymer ransomware hits Newcastle University, leaks data
www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-newcastle-university-leaks-data/
Cryptobugs Found in Numerous Google Play Store Apps
threatpost.com/cryptobugs-found-in-numerous-google-play-store-apps/159013/ A new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps. Academics from Columbia University developed a custom tool, CRYLOGGER, that analyzes Android applications for unsafe use of cryptographic code according to 26 basic cryptography rules. Those rules include avoiding the use of: broken hash functions, bad passwords, reusing passwords multiple times, HTTP URL connections or a “badly-derived” key for encryption.