October 2020 - Page 2 of 3

Google releases Chrome security update (86.0.4240.111)

Uncategorized / Frank Crast / October 21, 2020 / browser, Chrome, Google

Google has released Chrome 86.0.4240.111 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.

Google releases Chrome security update (86.0.4240.111) Read More »

Juniper October security updates for Junos, SRX and other network devices

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 17, 2020 / CVE-2020-1657, Juniper, Junos, Networking, SRX

Juniper Networks has released 40 security advisories to fix many vulnerabilities on Junos OS, SRX and multiple other network products.

Juniper October security updates for Junos, SRX and other network devices Read More »

Adobe releases security updates for Magento (APSB20-59)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 17, 2020 / APSB20-59, CVE-2020-24400, CVE-2020-24407, eCommerce, Magento, SQLi

Magento has released security updates to address vulnerabilities in Magento Commerce and Magento Open Source.

Adobe releases security updates for Magento (APSB20-59) Read More »

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 16, 2020 / .NET, Adobe, codecs, CVE-2020-16898, CVE-2020-16951, CVE-2020-16952, CVE-2020-17022, CVE-2020-17023, Dynamics, Exchange Server, Flash Player, JET Database, Microsoft, Open Source, PowerSHell, Visual Studio, Windows

Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical “Bad Neighbor” vulnerability and two out-of-band patches.

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated) Read More »

SAP October 2020 Security Patch Day includes fix for Critical OS Command Injection vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 14, 2020 / CVE-2020-6364, SAP

Software giant SAP has released October 2020 Security Patch Day that includes 15 separate security advisories and patches. One of the Critical patches fixes an OS Command Injection Vulnerability CVE-2020-6364 in CA Introscope Enterprise Manager.

SAP October 2020 Security Patch Day includes fix for Critical OS Command Injection vulnerability Read More »

Apache patches Tomcat HTTP/2 Request mix-up vulnerability (CVE-2020-13943)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 14, 2020 / Apache, CVE-2020-13943, HTTP/2, Tomcat

The Apache Software Foundation has patched a Tomcat HTTP/2 Request mix-up vulnerability CVE-2020-13943. A cyber attacker could exploit this vulnerability to steal sensitive information.

Apache patches Tomcat HTTP/2 Request mix-up vulnerability (CVE-2020-13943) Read More »

WordPress plugin WPBakery vulnerability exposed over 4M sites

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 13, 2020 / Wordfence, WordPress, WPBakery, XSS

A WordPress plugin WPBakery Authenticated Stored Cross-Site Scripting (XSS) vulnerability has exposed over 4M sites.

WordPress plugin WPBakery vulnerability exposed over 4M sites Read More »

Microsoft takes down TrickBot malware infrastructure

Cybercrime, Cybersecurity Attacks, Malware / Frank Crast / October 12, 2020 / banking, Emotet, malware, Trickbot

Microsoft has worked with telecommunications providers worldwide to take down TrickBot malware infrastructure. TrickBot traces its roots back to 2016 as a modular banking trojan designed to steal information and distribute other malware to infected systems.

Microsoft takes down TrickBot malware infrastructure Read More »

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / October 10, 2020 / BIG-IP, CISA, Citrix, CVE-2018-13379, CVE-2019-11510, CVE-2019-19781, CVE-2020-1472, CVE-2020-15505, CVE-2020-2021, CVE-2020-5902, F5, FortiGuard, FortiOS, MobileIron, Netscaler, Palo Alto Networks, Pulse Secure, Zerologon

Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer “Zerologon” to target government networks, critical infrastructure, and elections organizations.

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations Read More »

QNAP Helpdesk software vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 9, 2020 / CVE-2020-2506, CVE-2020-2507, NAS, QNAP, QSnatch, storage, VPNFilter

QNAP Systems has patched two access control vulnerabilities that affect QTS Helpdesk software.

QNAP Helpdesk software vulnerabilities Read More »