Weekly cyber news update

Two patches required for Adobe users

Adobe have advised all users to install their monthly security update. This is generally aimed at users of Adobe Illustrator CC and Adobe Experience Manager. Several vulnerabilities have been found and require patching; if exploited, one of the vulnerabilities allows for arbitrary code execution.

Further information can be found at Security Bulletins and Advisories.

Three major security fixes required for Microsoft

January 2020 saw Microsoft release its security fixes, which address three more remote-code-execution vulnerabilities in Redmond's Windows Remote Desktop Protocol software. Two of the flaws (CVE-2020-0609, CVE-2020-0610) are present on the server side in RD Gateway – requiring no authentication – while a third (CVE-2020-0611) is found on the client side.

Software security updates include:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET Core
  • .NET Core
  • .NET Framework
  • OneDrive for Android
  • Microsoft Dynamics

More information can be found on Microsoft’s latest release notes.

Travelex cyber-attack

Banks are still unable to use Travelex to run their foreign exchange services after the cyber-attack on New Year’s Eve.

Banks like Barclays, Lloyds and RBS have been affected after hackers, known as Sodinokibi, locked the Travelex systems. The hackers are now demanding £4.6m.

Sodinokibi are threatening to release 5GB of customers’ personal data – including social security numbers, dates of birth and payment-card information – into the public domain unless the company pays up.

Although Travelex have advised they are making good progress, the global company has had to resort to using pens and paper to ensure their customers receive the invoices they require.

Officers from the Metropolitan Police are leading the investigation into the attack and the Information Commissioner’s Office (ICO) have been in contact with Travelex to advise on “potential personal data issues”.

Further information can be found on Travelex’s corporate website.

TikTok fixes flaws following vulnerability report

TikTok, a musical app used by over a billion users, has been advised of a serious security flaw that could leave users vulnerable to hackers.

Cyber security firm Check Point Research found multiple vulnerabilities. Researchers were able to manipulate code to mess with accounts' contents, delete and upload videos without the account owner's consent, make previously "hidden" videos public, and access personal information like email addresses.

Check Point Research informed TikTok developers about the vulnerabilities and a solution was responsibly deployed to ensure its users can safely continue using the app.

Further information can be found on Check Point Research’s page on the exploits.
