Yearly Archives: 2020

Adobe out-of-band security updates for Photoshop, Prelude, Bridge

A week after July 2020 Patch Tuesday, Adobe has released out-of-band security updates to fix thirteen vulnerabilities – twelve of which are critical – in Adobe Photoshop, Bridge, Prelude, and Reader Mobile. The good news is that none of these vulnerabilities are currently being exploited in the wild, and that most of them are in products that have historically not been a target for attackers.

Out-of-band updates

Adobe considers the update for the mobile versions of Reader for Android to be the one users and admins should implement soon, even though it fixes “just” a single information disclosure flaw. The Adobe Photoshop updates deliver fixes for Photoshop CC 2019 and Photoshop 2020 on Windows and macOS, which resolve five critical out-of-bounds read/write issues that…

Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude

Adobe has released an out-of-band emergency security update for Photoshop, Prelude, and Bridge. On Tuesday, a week after issuing the firm’s standard monthly security update, Adobe published security advisories revealing a total of 13 vulnerabilities, 12 of which are deemed critical. Five vulnerabilities have now been resolved in Photoshop CC 2019 — versions 20.0.9 and earlier — and Photoshop 2020 — versions 21.2 and earlier — on Windows machines. CVE-2020-9683 and CVE-2020-9686 are out-of-bounds read issues in the photo editing software, whereas CVE-2020-9684, CVE-2020-9685, and…

Chinese Hackers Charged in Decade-Long Crime and Spying Spree

Li Xiaoyu had a problem. At some point in his decade-long hacking spree with former college classmate Dong Jiazhi, as alleged in a recent Justice Department indictment, the Chinese national found himself unable to break into the mail server of a Burmese human rights group. The usual methods apparently hadn’t worked. For Li, the solution came from having a friend in high places: An officer with China’s Ministry of State Security handed him zero-day malware—unknown to security vendors, and so harder to defend against—to help finish off the job. Other countries have long blurred the lines between criminal and state-sponsored hacking, particularly Russia, Iran, and North Korea. But in a detailed indictment unsealed by the Department of Justice Tuesday, the United States has for the…

Headmade Materials completes €1.9 million funding round

[Image: Left to right: Christian Staudigel and Christian Fischer, co-founders and Managing Directors of Headmade Materials (Courtesy Headmade Materials GmbH)]

Headmade Materials GmbH, Würzburg, Germany, reports that it has completed a €1.9 million funding round thanks to Industrial Technologies Fund of btov Partners, a European venture capital firm. Headmade Materials was founded in 2019 as a spin-off from the Würzburg-based polymer research institute SKZ, and its sinter-based Additive Manufacturing process, which it calls Cold Fusion AM, was developed for the serial production of metal parts using an existing ecosystem of machines and processes in Additive Manufacturing and Powder Metallurgy. Headmade Materials explains that the AM process is carried out with standard polymer SLS…

Headmade Materials completes €1.9 million funding round

[Image: Left to right: Christian Staudigel and Christian Fischer, co-founders and Managing Directors of Headmade Materials (Courtesy Headmade Materials GmbH)]

Headmade Materials GmbH, Würzburg, Germany, a developer of Cold Fusion metal Additive Manufacturing technology, reports that it has completed a €1.9 million funding round thanks to Industrial Technologies Fund of btov Partners, a European venture capital firm. Headmade Materials was founded in 2019 as a spin-off from the Würzburg-based polymer research institute SKZ, and its sinter-based Cold Fusion AM technology was developed for the serial production of metal parts using an existing ecosystem of machines and processes in Additive Manufacturing and Powder Metallurgy. Headmade Materials…

Week in review: Counterfeit Cisco switches, hijacked Twitter accounts, vulnerable SAP applications

Here’s an overview of some of last week’s most interesting news and articles:

New wave of attacks aiming to rope home routers into IoT botnets

Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets.

High-profile Twitter accounts hijacked to push Bitcoin scam. How did it happen?

The Twittersphere went into overdrive as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam.

Critical flaw gives attackers control of vulnerable SAP business applications

SAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker.

Twitter’s bad, no good Wednesday. US has been on the offense in cyberspace. Cozy Bear targets COVID-19 vaccine research.

By the CyberWire staff

Twitter’s bad, no good Wednesday.

Twitter sustained a major hack Wednesday afternoon in which a number of high-profile, verified Twitter accounts began posting bitcoin scams. The accounts affected included those belonging to Joe Biden, Barack Obama, Elon Musk, Jeff Bezos, Bill Gates, Apple, Uber, Kanye West, Kim Kardashian, Warren Buffett, and Michael Bloomberg, as well as the Twitter accounts used by major cryptocurrency exchanges and sites (Gemini, Coinbase, Binance, KuCoin, TRON Foundation, CoinDesk). Twitter said the attack was the result of “what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” In response, the social media platform restricted the…

Adobe eliminates four critical bugs

Adobe Systems on Patch Tuesday issued fixes for 13 vulnerabilities — four critical — spread out among five products, including Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application. Download Manager 2.0.0.518 for Windows contains a command injection flaw (CVE-2020-9688) that can cause arbitrary code execution. Discovered by researcher Dhiraj Mishra, the bug has been repaired with the release of version 2.0.0.529. Two more critical vulnerabilities that can result in arbitrary code execution were found in Media Encoder 14.2 and earlier versions for Windows. Discovered by the Trend Micro Zero Day Initiative and fixed in version 14.3, the bugs (CVE-2020-9650, CVE-2020-9646) are caused by an out-of-bounds write…

July 2020 Patch Tuesday: Microsoft plugs wormable Windows DNS Server RCE flaw

On this July 2020 Patch Tuesday, Microsoft has plugged 18 critical and 105 high-severity flaws, Adobe has delivered security updates for ColdFusion, Adobe Genuine Service, Adobe Download Manager, Adobe Media Encoder and Adobe Creative Cloud Desktop Application, and Oracle is set to deliver fixes for 433 vulnerabilities.

Microsoft’s updates

For the fifth month in a row, Microsoft has fixed over 100 CVE-numbered vulnerabilities: 123, to be precise. First and foremost, one of the fixed vulnerabilities has been especially singled out: CVE-2020-1350, a “wormable” remote code execution flaw in the Windows DNS Server service that affects all Windows Server versions. The vulnerability could be exploited to achieve unauthenticated code execution at the level of Local System…
