National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The Cybersecurity and Infrastructure Security Agency (CISA) today asked all U.S. federal executive branch departments and agencies to mitigate the critical SIGRed Windows DNS Server wormable remote code execution (RCE) vulnerability within 24 hours.

Cisco today has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices that could lead to full device takeover.

Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder.

The July 2020 Patch Tuesday updates for Windows 10 version 2004 and later are now rolling out and you can download and install the latest security fixes by checking for updates in the Settings.

SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments.

Σε Ευρωπαικά δημοσιεύματα φαίρεται να έχουν εντοπιστεί ψεύτικα διαδικτυακά καταστήματα που εισβάλλουν στο Διαδίκτυο με πλαστοπροσωπίες δημοφιλών εμπορικών εταιρειών.  Παρακάτω εμφανίζεται ένας πίνακας που περιλαμβάνει τους κακόβουλους τομείς προκειμένου να αποτραπεί η απάτη των χρηστών του Διαδικτύου.

Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for big fintech threat actors.

• citrix
• code-injection
• data-theft