February 2020 - Securezoo Blog

Ghostcat: Critical Tomcat vulnerability (CVE-2020-1938)

Post author:Frank Crast
Post published:February 28, 2020
Post category:Security Updates & Patches / Vulnerabilities & Exploits

Security researchers have discovered a serious vulnerability CVE-2020-1938 in Apache Tomcat. A bad actor could read or include any files in Tomcat webapp directories.

Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices

Post author:Frank Crast
Post published:February 27, 2020
Post category:Cryptography / Network Security / Vulnerabilities & Exploits

Security researchers have discovered a new vulnerability dubbed Kr00k (or "KrØØk") that impacts devices with Broadcom and Cypress Wi-Fi chips.

Hackers target PayPal’s Google Pay integration

Post author:Frank Crast
Post published:February 26, 2020
Post category:Application Security / Data Breach / Vulnerabilities & Exploits

Hackers discovered a bug in PayPal's Google Pay integration to perform unauthorized transactions via PayPal accounts.

Chrome patches zero-day exploited in the wild

Post author:Frank Crast
Post published:February 26, 2020
Post category:Security Updates & Patches / Vulnerabilities & Exploits / Zero-days

Google has released security update for Chrome (80.0.3987.122) for Windows, Mac and Linux. The update also patches a zero-day vulnerability CVE-2020-6418 exploited in the wild.

OpenSMTPD security updates for two vulnerabilities

Post author:Frank Crast
Post published:February 25, 2020
Post category:Security Updates & Patches / Vulnerabilities & Exploits

Qualys security researchers have discovered two vulnerabilities in OpenBSD's mail server OpenSMTPD. OpenBSD has provided patches for both vulnerabilities.

Threat actors abuse Google Docs Forms to phish Office 365 credentials

Post author:Frank Crast
Post published:February 24, 2020
Post category:Phishing

Threat actors are abusing Google Docs Forms as part of cyber campaign to steal Office 365 credentials.

Adobe patches critical vulnerabilities in Adobe After Effects and Media Encoder

Post author:Frank Crast
Post published:February 21, 2020
Post category:Uncategorized

Adobe has released security updates for critical vulnerabilities in Adobe After Effects and Media Encoder products.

Google releases Chrome security update (80.0.3987.116)

Post author:Frank Crast
Post published:February 21, 2020
Post category:Security Updates & Patches / Vulnerabilities & Exploits

Google has released Chrome 80.0.3987.116 for Windows, Mac and Linux. The update includes five security fixes.

Cisco patches vulnerabilities in multiple products (one Critical CVE-2020-3158)

Post author:Frank Crast
Post published:February 20, 2020
Post category:Network Security / Security Updates & Patches / Vulnerabilities & Exploits

Cisco has released security updates for multiple products to include IOS, Email Security Appliance, Data Center Network Manager and other products. One of the updates also addresses a critical vulnerability in Cisco's Smart Software Manager On-Prem.

Ransomware attack impacts pipeline operations

Post author:Frank Crast
Post published:February 19, 2020
Post category:Business Continuity & Resiliency / Configuration Management / Cybersecurity Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued a security alert of a ransomware attack launched against a pipeline operator. In the cyber attack, actors used spear phishing to gain…