Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder.
The rest of the total of 13 security flaws patched today security issues could lead to privilege escalation via Lack of Exploit Mitigations, insecure file permissions, DLL search-order hijacking, insecure library loading, and symlink vulnerabilities, and an out-of-bounds read that can enable attackers to gain access to information beyond their permissions.
These important severity vulnerabilities were found in Adobe ColdFusion and Adobe Genuine Service, and they affect both Windows and macOS devices running unpatched software versions.
Adobe advises users to update the vulnerable apps to the latest versions to block attacks attempting to exploit unpatched installations.
Read more »
SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments.
The RECON (short for Remotely Exploitable Code On NetWeaver) vulnerability is rated with a maximum CVSS score of 10 out of 10 and can be exploited remotely by unauthenticated attackers to fully compromise unpatched SAP systems according to Onapsis, the company that found and responsibly disclosed RECON to the SAP Security Response Team.
RECON is introduced due to the lack of authentication in an SAP NetWeaver AS for Java web component allowing for several high-privileged activities on the affected SAP system. Read more »
Σε Ευρωπαικά δημοσιεύματα φαίρεται να έχουν εντοπιστεί ψεύτικα διαδικτυακά καταστήματα που εισβάλλουν στο Διαδίκτυο με πλαστοπροσωπίες δημοφιλών εμπορικών εταιρειών. Παρακάτω εμφανίζεται ένας πίνακας που περιλαμβάνει τους κακόβουλους τομείς προκειμένου να αποτραπεί η απάτη των χρηστών του Διαδικτύου.
Read more »
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for big fintech threat actors.
The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms.
Taking a shortcut
Its targets are both companies and their customers, the objective being to steal financial information. An investigation into Evilnum’s activity from cybersecurity company ESET reveals that they’re looking for the following type of data:
- spreadsheets and documents with investment and trading operations
- internal presentations
- licenses and credentials for trading software
- cookies and session info from Google Chrome
- email logins
- customer credit card data and proof of identity
Read more »