Adobe releases final Flash Player update, warns of 2021 kill switch
www.bleepingcomputer.com/news/software/adobe-releases-final-flash-player-update-warns-of-2021-kill-switch/ After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years. Starting in January 2021, all browser developers will remove Adobe Flash entirely from their browser or have already done so. Once it is removed, there will be no way to install Adobe Flash Player again.
Microsoft Office security updates fix critical SharePoint RCE bugs
www.bleepingcomputer.com/news/security/microsoft-office-security-updates-fix-critical-sharepoint-rce-bugs/ The highlights of this month’s Microsoft Office security updates are without a doubt the two RCE security bugs affecting Microsoft SharePoint. While the first one tracked as CVE-2020-17121 requires attackers to have basic user privileges for exploitation, the second one tracked as CVE-2020-17118 can be exploited remotely without authentication. For successfully exploiting CVE-2020-17118 in low complexity attacks, attackers are also required to trick targets into opening maliciously crafted Office files. Based on the information provided by Microsoft in the security advisory, CVE-2020-17118 proof-of-concept exploit code is also available (although probably shared privately)
Zero-day in WordPress SMTP plugin abused to reset admin account passwords
www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-to-reset-admin-account-passwords/ A patch has been released earlier this week but many WordPress sites remained unpatched – as usual. The zero-day was used in attacks over the past weeks and was patched on Monday. It impacts Easy WP SMTP, a plugin that lets site owners configure the SMTP settings for their website’s outgoing emails. also:
Following FireEye Hack, Ensure These 16 Bugs Are Patched
www.bankinfosecurity.com/blogs/following-fireeye-hack-ensure-these-16-bugs-are-patched-p-2977 “The stolen tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as Cobalt Strike and Metasploit, ” FireEye says. “Some of the tools are publicly available tools modified to evade basic security detection mechanisms. Other tools and frameworks were developed in-house for our red team.”
FBI confirms Zodiac Killer’s 340 cipher solved by trio of amateur math and software codebreakers
www.theregister.com/2020/12/12/zodiac_killers_cipher_solved/ A team of code breakers has solved a cipher attributed to the Zodiac Killer, a serial murderer known for a Northern California killing spree in the late 1960s who has still not been identified or apprehended.