16 April 2020

Microsoft Released Patches for Critical Security Vulnerabilities #51

Microsoft released critical updates in its April Patch Tuesday. With this update, patches were shared for a total of 113 security vulnerabilities affecting all Windows operating system versions, 17 of them critical and 96 high severity. The critical-severity vulnerabilities reported by Google Project Zero researchers were assessed as zero-days.

The zero-day vulnerabilities tracked as CVE-2020-1020 and CVE-2020-0938 allow an attacker to execute code remotely. The CVE-2020-1020 security flaw stems from the incorrect handling of a specially crafted multi-master font in the Adobe Font Manager library used in Windows systems. The CVE-2020-0938 security flaw occurs during the parsing of a malicious OpenType font that triggers the Adobe Type Manager library. The third zero-day, tracked as CVE-2020-1027, resides in the Windows kernel and enables an attacker to escalate privileges.

With the other updates released, 5 critical bugs affecting Microsoft Office SharePoint were fixed. Four of the critical bugs result from the software not checking the source marking of an application package and allow an attacker to execute arbitrary code. The other bug, tracked as CVE-2020-0927, allows an unauthenticated attacker to trigger an XSS vulnerability by sending a specially crafted payload to the SharePoint server. In addition, the announcement stated that a privilege escalation vulnerability tracked as CVE-2020-0935 in the OneDrive Desktop application running on Windows systems was also addressed with the released patches.

To prevent systems from being compromised by attackers, the latest updates must be installed. To install the latest Windows security updates, follow the steps "Settings -> Update & Security -> Windows Update -> Check for updates on your PC".

Dell Released New Software to Detect BIOS Attacks

Computer manufacturing giant Dell released new security software intended to protect its customers from cyber attacks targeting the BIOS. According to the announcement, the software, named SafeBIOS Events & Indicators of Attack (IoA), is a behaviour-based threat detection system that alerts users when certain changes occur in the BIOS settings of computers.

BIOS (Basic Input Output System) controls input and output devices and enables the operating system to boot. The BIOS is persistent firmware and is stored in ROM. The BIOS software must be protected for the following reasons:

The controls offered with SafeBIOS, developed by Dell, can reduce the security risks arising in the BIOS, and computers containing malware can be placed under quarantine. In the announcement, it was stated that the SafeBIOS tool is currently only available for Dell commercial computers.

Google Removed 49 Malicious Chrome Extensions from the Store

Google removed 49 malicious extensions present in the Chrome Web Store. The removed extensions disguised themselves as cryptocurrency wallet extensions and captured the wallet information of users using popular cryptocurrency wallets such as Ledger, Electrum and MyEtherWallet.

By placing advertisements through Google Ads, the attackers ensured that their malicious extensions reached more users. The announcement stated that all 49 removed extensions worked in a similar way.

According to the report prepared by the researchers, the attackers, who used 14 different command-and-control servers, sent the data they obtained from users to PHP scripts on their own sites. The domain names of the command-and-control servers identified by the researchers are as follows:

Another striking point is that 80% of the command-and-control domain names were registered in March and April 2020. You can access the video showing how the malicious extensions work here. To protect yourself from such malicious extensions, avoid installing extensions that request many unnecessary permissions. The permissions used by the extensions currently installed in Chrome can be reviewed at chrome://extensions/.

Adobe Released Updates for Some Applications

Adobe announced this week that it released updates for high-severity security vulnerabilities present in the ColdFusion, After Effects and Digital Editions applications. An attacker exploiting these vulnerabilities can view sensitive data, escalate privileges and carry out DoS attacks.

In the announcement, it was stated that 3 of the detected vulnerabilities reside in the Adobe ColdFusion application. Of the discovered vulnerabilities, CVE-2020-3767 leads to a DoS attack due to insufficient validation of user input, CVE-2020-3768 leads to a DLL Hijacking attack enabling privilege escalation, and CVE-2020-3796 leads to the disclosure of the system file structure due to faulty access control. To remediate the vulnerabilities, ColdFusion 2016 users must install the released Update 15, and ColdFusion 2018 users must install the released Update 9.

In the announcement, it was stated that an information disclosure vulnerability was discovered in the Adobe After Effects application running on Windows systems. This vulnerability, tracked as CVE-2020-3809 and discovered by Matt Powell of the ZDI team, allows unauthorised users to read important files. By making a target user open a malicious file, an attacker can exploit this vulnerability to obtain sensitive information from the target system. To remediate this vulnerability, which affects After Effects 17.0.1 and earlier versions, the application must be upgraded to version 17.0.6.

It was also stated that the vulnerability discovered in the Adobe Digital Editions application, tracked as CVE-2020-3798, is an information disclosure vulnerability resulting from the listing of files. To remediate this vulnerability, which affects versions 4.5.11.187212 and earlier, the application must be upgraded to version 4.5.11.187303.
