Software giant SAP has released its October 2020 Security Patch Day update, which includes 15 separate security advisories and patches. One of the Critical patches fixes an OS Command Injection vulnerability, CVE-2020-6364, in CA Introscope Enterprise Manager.
The Apache Software Foundation has patched a Tomcat HTTP/2 Request mix-up vulnerability, CVE-2020-13943. A cyber attacker could exploit this vulnerability to steal sensitive information.
An Authenticated Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin WPBakery has exposed over 4M sites.
Microsoft has worked with telecommunications providers worldwide to take down TrickBot malware infrastructure.
Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with the newer "Zerologon" vulnerability to target government networks, critical infrastructure, and elections organizations.
QNAP Systems has patched two access control vulnerabilities that affect QTS Helpdesk software.
Cisco has patched high-risk Webex Teams, video surveillance camera and Identity Services Engine (ISE) vulnerabilities.
Google has released the Chrome 86.0.4240.75 security update for Windows, Mac and Linux. An attacker could exploit the vulnerabilities it addresses to take control of impacted systems.
A new IoT botnet dubbed Ttint now targets two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT) based on Mirai botnet source code.
Security experts warned that a new malware variant dubbed SlothfulMedia has been used by a "sophisticated cyber actor."