A group of hackers have been using compromised websites to launch watering hole attacks against iPhone users who visit the websites. The attacks also use five different exploit chains and exploit 0-day vulnerabilities that don't require any user interaction.
Apple released security updates and emergency patch for iOS and macOS (CVE-2019-8605). In all, the company released iOS 12.4.1, macOS Mohave 10.14.6, watchOS 5.3.1 and tvOS 12.4.1.
Google has released a new security update for Chrome browser 76.0.3809.132 for Windows, Mac and Linux.
Hackers are targeting vulnerable VPN products from Pulse Secure and Fortinet that pose risks to enterprise networks.
Cisco has released security updates to patch critical vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data.
UK's cybersecurity organization NCSC issued a warning that Python 2 is fast approaching its end-of-life (EOL) on January 1, 2020. After that time, organizations will no longer be able to get bug fixes or security patches.
A security researcher discovered a backdoor in the popular web-based utility used to remotely manage Unix-based servers, to include Linux, FreeBSD and OpenBSD systems.
Security researchers have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. As a result, an unauthenticated attacker near the vulnerable device could exploit the issue and escalate privileges or steal information.
Microsoft issued the August 2019 Security Updates on Tuesday that include 93 unique vulnerability fixes, 29 of those rated critical. In addition, two of the patches address two critical Remote Code Execution (RCE) "wormable" vulnerabilities (CVE-2019-1181 and CVE-2019-1182) in Remote Desktop Services.
Adobe has released security updates for multiple products to include Adobe Acrobat and Reader, Photoshop CC, Creative Cloud Desktop Application and others.