Learning from 6 Focus Threats in May 2020
The threat update from Accelerate provides a consolidated monthly summary of recent business threats that you need to be vigilant for. We are continuously monitoring the emerging threats, vulnerabilities and breaches from key industry security organisations, such as NCSE and Fortilabs. In this month’s threat summary:
- Multiple Vulnerabilities found in Google Chrome Browser
- SAP says 7 cloud products not currently up to security standards
- New Phishing tactics take advantage of Google Firebase or Microsoft Sway
- Cisco: Critical flaw strikes ‘Call Centre in a box’, patch urgently!
- Microsoft Warns of Vulnerability Affecting Windows DNS Server
- Palo Alto Networks Patches Many Vulnerabilities in PAN-OS
1. Multiple Vulnerabilities found in Google Chrome Browser
Multiple vulnerabilities have been discovered in Google Chrome. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
All businesses with users of Google Chrome Browser should force an update to all devices.
2. SAP says 7 cloud products not currently up to security standards
SAP SE this week publicly disclosed that seven of its cloud products “do not meet one or several contractually agreed or statutory IT security standards at present,” adding that the ERP software giant is actively taking steps to remediate these issues.
SAP identified the problematic products as SAP Success Factors, SAP Concur, SAP/CallidusCloud Commissions, SAP/Callidus Cloud CPQ, SAP C4C/Sales Cloud, SAP Cloud Platform and SAP Analytics Cloud.
3. New Phishing tactics take advantage of Google Firebase or Microsoft Sway
A series of phishing campaigns using Google Firebase or Microsoft Sway storage URLs has surfaced, showing that cyber criminals continue to leverage the reputation of the big-name cloud infrastructure companies to dupe victims and slip past secure email gateways.
The phishing effort starts with spam emails that encourage recipients to click on a legitimate Google Firebase or Microsoft Sway URL inside the email in order to visit promised content. Because the links point to Google or Microsoft cloud storage, credential-capturing webpages hosted on the service are more likely to make it through security protections like Secure Email Gateways, due to the reputation of the big-name providers and their large base of valid users.
4. Cisco: Critical flaw strikes ‘Call Centre in a box’, patch urgently!
Mid-size organizations using Cisco’s call-centre platform, Unified Contact Centre Express (Unified CCX), should update the software urgently, Cisco has warned.
The company has released updates for the Unified CCX platform to address a critical deserialization vulnerability in its Java-based remote management interface, which could allow a remote attacker without credentials to install malware on the device.
5. Microsoft Warns of Vulnerability Affecting Windows DNS Server
Microsoft has released a security advisory addressing a vulnerability affecting Windows DNS Server. Successful exploitation of the flaw could lead to a denial-of-service attack, officials report.
6. Palo Alto Networks Patches Many Vulnerabilities in PAN-OS
Palo Alto Networks this week informed customers that it has patched over two dozen vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls.
One of the most serious of the flaws has a CVSS score of 9 and allows an attacker with access to the Panorama management system’s interface to gain privileged access to managed firewalls.