Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.
The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.
The Australian Cyber Security Centre (ACSC) has released a security advisory and guidance on Mailto ransomware incidents. Mailto, also known as Kazakavkovkiz, belongs to the KoKo ransomware family.
Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac and Linux. The update includes a number of fixes and improvements in the popular browser. The company also added a Chrome browser update for Android.
Security experts from Microsoft have revealed threat actors are increasingly using web shell attacks in their campaigns. Microsoft's investigation revealed actors such as ZINC, KRYPTON, and GALLIUM, exploit known vulnerabilities to implant web shells on internet-facing web servers.
Cybercriminals are launching new ransomware attacks against industrial control systems (ICS). The ransomware dubbed Ekans features new functionality designed to stop critical processes related to ICS operations.
Microsoft issued a new security advisory for Intel microcode updates for Windows 10 versions 1903 and 1909. The updates also address a known vulnerability behind a Zombieload attack. In addition, a targeted update for Windows Server 2019 version 1903 was also available.
The FBI has issued a new warning on Magecart e-skimming attacks, used by cybercriminals to steal your credit card or payment card information.
Adobe has released security updates that fix multiple vulnerabilities in Magento Commerce and Open Source editions.
Security researchers have discovered a new vulnerability in OpenBSD's OpenSMTPD mail server. An attacker could exploit the remote code execution vulnerability CVE-2020-7247 and execute arbitrary shell commands with elevated privileges.