Security news weekly round-up - 23rd October 2020

ziizium

Habdul Hazeez

Posted on October 23, 2020

Security news weekly round-up - 23rd October 2020

Cover photo by Jazmin Quaynor on Unsplash.

This week it's mostly about bugs and vulnerabilities.


Watch out for Emotet malware's new 'Windows Update' attachment

Emotet is a malware that spreads via malicious Microsoft Word and Excel documents. It has been on vacation for a while now, but it's back with a new infection tactic.

Excerpt from the article:

With its return to activity, Emotet switched to a new template that pretends to be a message from Windows Update stating that Microsoft Word needs to be updated before the document can be viewed.

Hackers hijack Telegram, email accounts in SS7 mobile attack

SS7 is a signalling system developed in 1975. Now, attackers are leveraging it to attack email and Telegram accounts.

Excerpt from the article:

Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

The attack occurred in September and targeted at least 20 subscribers of the Partner Communications Company (formerly known as Orange Israel), all of them involved at a higher level in cryptocurrency projects.

Adobe fixes 18 critical bugs affecting its Windows, macOS apps

The title says it all.

Excerpt from the article:

Adobe has released security updates to address critical vulnerabilities affecting ten of its Windows and macOS products that could allow attackers to execute arbitrary code on devices running vulnerable software versions.

New Chrome 0-day Under Active Attacks – Update Your Browser Now

If you are using Chrome, kindly update your browser.

Excerpt from the article:

Tracked as CVE-2020-15999, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome.

The vulnerability was discovered and reported by security researcher Sergei Glazunov of Google Project Zero on October 19 and is subject to a seven-day public disclosure deadline due to the flaw being under active exploitation.

Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks

Address Bar Spoofing is the alteration of a browsers address bar to display a legitimate address. Currently, most mobile browsers are vulnerable to this attack as discovered by Rafay Baloch.

Excerpt from the article:

The issue stems from using malicious executable JavaScript code in an arbitrary website to force the browser to update the address bar while the page is still loading to another address of the attacker's choice.

XSS Vulnerability Exploited in Tech Support Scam

The title says it all.

Excerpt from the article:

The scam starts with malicious bit.ly shortened links that are being distributed on the social media platform, and which ultimately take the intended victims to a browser locker page. According to Malwarebytes, certain games and applications on Facebook appear to be abused for the distribution of these links.

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

When a technology is gaining wide adoption and usage like Machine Learning systems, someone needs to protect them.

Excerpt from the article:

Just as artificial intelligence (AI) and ML are being deployed in a wide variety of novel applications, threat actors can not only abuse the technology to power their malware but can also leverage it to fool machine learning models with poisoned datasets, thereby causing beneficial systems to make incorrect decisions, and pose a threat to stability and safety of AI applications.


That's it for this week, I'll see you next Friday.

πŸ’– πŸ’ͺ πŸ™… 🚩
ziizium
Habdul Hazeez

Posted on October 23, 2020

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related