Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical "Bad Neighbor" vulnerability and two out-of-band patches.
Software giant SAP has released October 2020 Security Patch Day that includes 15 separate security advisories and patches. One of the Critical patches fixes an OS Command Injection Vulnerability CVE-2020-6364 in CA Introscope Enterprise Manager.
The Apache Software Foundation has patched a Tomcat HTTP/2 Request mix-up vulnerability CVE-2020-13943. A cyber attacker could exploit this vulnerability to steal sensitive information.
A WordPress plugin WPBakery Authenticated Stored Cross-Site Scripting (XSS) vulnerability has exposed over 4M sites.
Microsoft has worked with telecommunications providers worldwide to take down TrickBot malware infrastructure. TrickBot traces its roots back to 2016 as a modular banking trojan designed to steal information and distribute other malware to infected systems.
Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer "Zerologon" to target government networks, critical infrastructure, and elections organizations.
QNAP Systems has patched two access control vulnerabilities that affect QTS Helpdesk software.
Cisco has patched high risk Webex Teams, video surveillance camera and Identity Services Engine (ISE) vulnerabilities.
Google has released Chrome 86.0.4240.75 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.
A new IoT botnet dubbed Ttint now targets two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT) based on Mirai botnet source code.