Security Wrap-Up (November 17th, 2020)

Happy Tuesday, all - hope you had a great weekend! We’re back with some security highlights, so let’s get right into it -

Patch Tuesday, November 2020
As always, Krebs on Security has put together a breakdown of highlights from this month’s Patch Tuesday. Adobe and Microsoft both released a number of updates on November 10th to plug critical security holes, with Microsoft including fixes for 112 separate flaws, including one zero-day vulnerability already being exploited to attack Windows users. 17 of the 112 issues involve “critical” problems, with most of the rest assigned the rating “important.” Adobe’s release included updates to plug at least 14 security holes in Adobe Acrobat and Reader.

Cisco patches critical flaw after PoC exploit code release
Within Cisco Security Manager, enterprise administrators have the ability to enforce various security policies, troubleshoot security events, and manage a wide range of devices. With a new vulnerability (CVE-2020-27130), remote, unauthenticated attackers could gain access to sensitive data on affected systems. The flaw has a CVSS score of 9.1 out of 10, making it critical. This flaw affects Cisco Security Manager releases 4.21 and earlier; the issue is fixed in Cisco Security Manager Release 4.22.

Homeland Security (CISA) confirms Google Chrome attacks are underway
Within three short weeks, Google has patched no fewer than five potentially dangerous vulnerabilities in the Chrome web browser, with all being zero-day vulnerabilities. With the sudden influx of issues, the CISA has advised users to update Google Chrome as soon as possible.

How security researchers learn to think like the bad guys
I thought I’d close out this week’s security wrap-up on a more fun note! Security researchers spend a ton of time on the Dark Web/Darknet, gathering intel that can be used to protect organizations from attacks. Researchers will usually need to jump through a significant number of hoops to even access these forums and prove your worthiness by demonstrating your ability to code around a security problem or create malicious software. Check out more in the link above!

What have been some of the most important security updates in your world this past week?

3 Likes