Coldfusion

Week in review: Counterfeit Cisco switches, hijacked Twitter accounts, vulnerable SAP applications

Here’s an overview of some of last week’s most interesting news and articles:

New wave of attacks aiming to rope home routers into IoT botnets
Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets.

High-profile Twitter accounts hijacked to push Bitcoin scam. How did it happen?
The Twittersphere went into overdrive as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam.

Critical flaw gives attackers control of vulnerable SAP business applications
SAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker.

Twitter’s bad, no good Wednesday. US has been on the offense in cyberspace. Cozy Bear targets COVID-19 vaccine research.

By the CyberWire staff

Twitter’s bad, no good Wednesday.
Twitter sustained a major hack Wednesday afternoon in which a number of high-profile, verified Twitter accounts began posting bitcoin scams. The accounts affected included those belonging to Joe Biden, Barack Obama, Elon Musk, Jeff Bezos, Bill Gates, Apple, Uber, Kanye West, Kim Kardashian, Warren Buffett, and Michael Bloomberg, as well as the Twitter accounts used by major cryptocurrency exchanges and sites (Gemini, Coinbase, Binance, KuCoin, TRON Foundation, CoinDesk). Twitter said the attack was the result of “what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” In response, the social media platform restricted the…

Adobe eliminates four critical bugs

Adobe Systems on Patch Tuesday issued fixes for 13 vulnerabilities — four critical — spread out among five products: Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application. Download Manager 2.0.0.518 for Windows contains a command injection flaw (CVE-2020-9688) that can cause arbitrary code execution. Discovered by researcher Dhiraj Mishra, the bug has been repaired with the release of version 2.0.0.529. Two more critical vulnerabilities that can result in arbitrary code execution were found in Media Encoder 14.2 and earlier versions for Windows. Discovered by the Trend Micro Zero Day Initiative and fixed in version 14.3, the bugs (CVE-2020-9650, CVE-2020-9646) are caused by an out-of-bounds write…

July 2020 Patch Tuesday: Microsoft plugs wormable Windows DNS Server RCE flaw

On this July 2020 Patch Tuesday, Microsoft has plugged 18 critical and 105 high-severity flaws, Adobe has delivered security updates for ColdFusion, Adobe Genuine Service, Adobe Download Manager, Adobe Media Encoder and Adobe Creative Cloud Desktop Application, and Oracle is set to deliver fixes for 433 vulnerabilities.

Microsoft’s updates

For the fifth month in a row, Microsoft has fixed over 100 CVE-numbered vulnerabilities: 123, to be precise. First and foremost, one of the fixed vulnerabilities has been especially singled out: CVE-2020-1350, a “wormable” remote code execution flaw in the Windows DNS Server service that affects all Windows Server versions. The vulnerability could be exploited to achieve unauthenticated code execution at the level of Local System…

Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical!

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Framework | CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability | Critical |
| Azure DevOps | CVE-2020-1326 | Azure DevOps Server Cross-site Scripting Vulnerability | Important |
| Internet Explorer | CVE-2020-1432 | Skype for Business via Internet Explorer Information Disclosure Vulnerability | Important |
| Microsoft Edge | CVE-2020-1433 | Microsoft Edge PDF Information Disclosure Vulnerability | Important |
| Microsoft Edge | CVE-2020-1462 | Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1355 | Windows Font Driver Host Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1468 | Windows GDI Information… | |

Adobe Discloses Critical Code-Execution Bugs in July Update – Threatpost

The software giant released patches for four critical vulnerabilities and five different platforms. Adobe has released its scheduled July 2020 security updates, covering flaws in five different product areas: Creative Cloud Desktop; Media Encoder; Download Manager; Genuine Service; and ColdFusion. Four of the bugs are rated critical in severity, with the others ranked as important. Most of the important flaws involve privilege escalation, with the critical bugs opening the door to more dangerous attacks. “Updates to both Adobe Download Manager and Media Encoder address critical vulnerabilities (CVE-2020-9688, 9646, and 9650) that could lead to arbitrary code execution,” Justin Knapp, product marketing manager at Automox, told…

Adobe fixes critical bugs in Creative Cloud, Media Encoder

Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder. The rest of the 13 security flaws patched today could lead to privilege escalation via lack of exploit mitigations, insecure file permissions, DLL search-order hijacking, insecure library loading, and symlink vulnerabilities, or involve an out-of-bounds read that can enable attackers to gain access to information beyond their permissions. These important-severity vulnerabilities were found in Adobe ColdFusion and Adobe Genuine Service, and they affect both Windows and macOS devices running…

Cornerstone Avows iBank Security As Adobe Alleges ‘Potential Risks’ In Suit – The Beat


Phillips adds SPEE3D Additive Manufacturing capabilities to US Army’s Rock Island Arsenal

[Image caption: SPEE3D’s LightSPEE3D machine uses Cold Spray Additive Manufacturing technology to fuse powders without volatile gases or heat sources (Courtesy SPEE3D)]

Phillips Federal, a division of Phillips Corporation, Hannover, Maryland, USA, has added the metal Additive Manufacturing technologies of SPEE3D, Melbourne, Australia, to support its Public Private Partnership (P3) and Additive Manufacturing programmes at the US Army’s Rock Island Arsenal (RIA). SPEE3D machines use Cold Spray Additive Manufacturing, working on a cold fusion principle where compressed air is used to fuse powders, meaning no volatile gases or heat sources are required to bond layers together. In recent Australian Army field trials, the company’s LightSPEE3D and WarpSPEE3D…

Embassy Theatre’s Summer Nights goes virtual and in-person for 2020 season

FORT WAYNE, Ind. (WANE) – Embassy Theatre’s Summer Nights will be streaming their Wednesday night concerts as a way to overcome the limit of 45 in-person patrons for the remainder of the summer. The 2020 Summer Nights concert series at Embassy Theatre runs every Wednesday night from 5 p.m. – 9 p.m. through September 9. The series hosts musical performances by area artists and has food catered by Shigs In Pit for the entire summer. There is a cash bar available. For those who wish to attend in person, tickets are $5 each and can be purchased through the STAR Bank box office by calling 260-424-5665 or through ticketmaster.com. Due to social distancing regulations, only 45 tickets will be sold for each show. For those who wish to stream the concerts, free live…