Monthly Archives: July 2020

Headmade Materials completes €1.9 million funding round

Left to right: Christian Staudigel and Christian Fischer, co-founders and Managing Directors of Headmade Materials (Courtesy Headmade Materials GmbH) Headmade Materials GmbH, Würzburg, Germany, a developer of Cold Fusion metal Additive Manufacturing technology, reports that it has completed a €1.9 million funding round thanks to Industrial Technologies Fund of btov Partners, a European venture capital firm.  Headmade Materials was  founded in 2019 as a spin-off from the Würzburg-based polymer research institute SKZ, and its sinter-based Cold FusionAM technology was developed for the serial production of metal parts using an existing ecosystem of machines and processes in Additive Manufacturing and Powder Metallurgy.  Headmade Materials… Source link

Read More »

Week in review: Counterfeit Cisco switches, hijacked Twitter accounts, vulnerable SAP applications

Here’s an overview of some of last week’s most interesting news and articles: New wave of attacks aiming to rope home routers into IoT botnetsA Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets. High-profile Twitter accounts hijacked to push Bitcoin scam. How did it happen?The Twittersphere went into overdrive as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam. Critical flaw gives attackers control of vulnerable SAP business applicationsSAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker.

Read More »

Twitter’s bad, no good Wednesday. US has been on the offense in cyberspace. Cozy Bear targets COVID-19 vaccine research.

By the CyberWire staff Twitter’s bad, no good Wednesday. Twitter sustained a major hack Wednesday afternoon in which a number of high-profile, verified Twitter accounts began posting bitcoin scams. The accounts affected included those belonging to Joe Biden, Barack Obama, Elon Musk, Jeff Bezos, Bill Gates, Apple, Uber, Kanye West, Kim Kardashian, Warren Buffet, and Michael Bloomberg, as well as the Twitter accounts used by major cryptocurrency exchanges and sites (Gemini, Coinbase, Binance, KuCoin, TRON Foundation, CoinDesk). Twitter said the attack was the result of “what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” In response, the social media platform restricted the… Source link

Read More »

Adobe eliminates four critical bugs

Adobe Systems on Patch Tuesday issued fixes for 13 vulnerabilities — four critical — spread out among five products, including Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application. Download Manager 2.0.0.518 for Windows contains a command injection flaw (CVE-2020-9688), that can cause arbitrary code execution. Discovered by researcher Dhiraj Mishra, the bug has been repaired with the release of version 2.0.0.529. Two more critical vulnerabilities that can result in arbitrary code execution were found in Media Encoder 14.2 and earlier versions for Windows. Discovered by the Trend Micro Zero Day Initiative and fixed in version 14.3, the bugs (CVE-2020-9650, CVE-2020-9646) are caused by an out-of-bounds write… Source link

Read More »

July 2020 Patch Tuesday: Microsoft plugs wormable Windows DNS Server RCE flaw

On this July 2020 Patch Tuesday, Microsoft has plugged 18 critical and 105 high-severity flaws, Adobe has delivered security updates for ColdFusion, Adobe Genuine Service, Adobe Download Manager, Adobe Media Encoder and Adobe Creative Cloud Desktop Application, and Oracle is set to deliver fixes for 433 vulnerabilities. Microsoft’s updates For the fifth month in a row, Microsoft has fixed over 100 CVE-numbered vulnerabilities: 123, to be precise. First and foremost, one of the fixed vulnerabilities has been especially singled out: CVE-2020-1350, a “wormable” remote code execution flaw in the Windows DNS Server service that affects all Windows Server versions. The vulnerability could be exploited to achieve unauthenticated code execution at the level of Local System… Source link

Read More »

Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical!

Tag CVE ID CVE Title Severity .NET Framework CVE-2020-1147 .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability Critical Azure DevOps CVE-2020-1326 Azure DevOps Server Cross-site Scripting Vulnerability Important Internet Explorer CVE-2020-1432 Skype for Business via Internet Explorer Information Disclosure Vulnerability Important Microsoft Edge CVE-2020-1433 Microsoft Edge PDF Information Disclosure Vulnerability Important Microsoft Edge CVE-2020-1462 Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2020-1355 Windows Font Driver Host Remote Code Execution Vulnerability Important Microsoft Graphics Component CVE-2020-1468 Windows GDI Information… Source link

Read More »

Adobe Discloses Critical Code-Execution Bugs in July Update – Threatpost

The software giant released patches for four critical vulnerabilities and five different platforms. Adobe has released its scheduled July 2020 security updates, covering flaws in five different product areas: Creative Cloud Desktop; Media Encoder; Download Manager; Genuine Service; and ColdFusion. Four of the bugs are rated critical in severity, with the others ranked as important. Most of the important flaws involve privilege escalation, with the critical bugs opening the door to more dangerous attacks. “Updates to both Adobe Download Manager and Media Encoder address critical vulnerabilities (CVE-2020-9688, 9646, and 9650) that could lead to arbitrary code execution,” Justin Knapp, product marketing manager at Automox, told… Source link

Read More »

Adobe fixes critical bugs in Creative Cloud, Media Encoder

Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder. The rest of the total of 13 security flaws patched today security issues could lead to privilege escalation via Lack of Exploit Mitigations, insecure file permissions, DLL search-order hijacking, insecure library loading, and symlink vulnerabilities, and an out-of-bounds read that can enable attackers to gain access to information beyond their permissions. These important severity vulnerabilities were found in Adobe ColdFusion and Adobe Genuine Service, and they affect both Windows and macOS devices running… Source link

Read More »

Cornerstone Avows iBank Security As Adobe Alleges ‘Potential Risks’ In Suit – The Beat

Please enter a valid email address and click ‘Submit’. The entered E-mail was address not found. Please enter your email address below to receive an email with instructions for resetting your Password. Send Email E-mail address successfully verified. Your Password reset instructions have been e-mailed to you and should arrive shortly. If you do not receive the email shortly, be sure to check your junk email settings to allow emails from the address [email protected] If you have any questions or problems, please contact our Customer Care… Source link

Read More »