NCSC-FI News followup

Daily NCSC-FI news followup 2020-09-08

Microsoft September 2020 Patch Tuesday fixes 129 vulnerabilities
Twenty critical remote code execution bugs have been patched this month, including in Windows and SharePoint enterprise servers.

Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Adobe patched 11 bugs overall in its Experience Manager; five of those are rated critical severity, and the rest are “important” severity. The critical flaws are all XSS glitches.

Intel fixes critical flaw in corporate remote management platform
Intel today addressed nine security vulnerabilities with the release of the September 2020 Platform Update, one of them being a critical flaw impacting the Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms.

Researcher reveals Google Maps XSS bug, patch bypass
The bounty was doubled after the bug bounty hunter realized the original fix had failed.

France, Japan, New Zealand warn of sudden spike in Emotet attacks
N.B. In addition to the countries mentioned in the article, Finland and Norway have also released warnings about Emotet activity in recent weeks.

DoppelPaymer ransomware hits Newcastle University, leaks data

Cryptobugs Found in Numerous Google Play Store Apps
A new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps. Academics from Columbia University developed a custom tool, CRYLOGGER, that analyzes Android applications for unsafe use of cryptographic code according to 26 basic cryptography rules. Those rules include avoiding the use of broken hash functions, bad passwords, passwords reused multiple times, HTTP URL connections, or a “badly-derived” key for encryption.
