It’s that time of the month when security vendors and software companies are rolling out a huge number of security patches to address critical- to medium-severity vulnerabilities. Joining this month’s edition of bug fixes are Microsoft, Adobe, and SAP. While Microsoft has addressed around 86 vulnerabilities, Adobe has issued fixes for 59 security flaws affecting its multiple products. Meanwhile, SAP’s Security Patch Day includes 17 security advisories for several vulnerabilities ranging from code injection to unrestricted file upload issues.
Even industrial giants such as Siemens and Schneider Electric released a total of two dozen advisories covering roughly 100 vulnerabilities impacting their products. On the not-so-bright-side, ZLoader trojan was spotted in a targeted campaign launched via fake Google Ads.
Top Breaches Reported in the Last 24 Hours
Probe into T-Mobile data breach
The attorney general of Massachusetts has announced a probe into the recent data breach incident at T-Mobile. The incident had exposed names, addresses, birth dates, phone numbers, Social Security numbers, driver’s license numbers, and other personal details of subscribers.
Krita app targeted
Krita, an open-source digital painting application, has become the latest victim of ransomware attacks. The attackers took undue advantage of the platform to spread malware among users via emails offering revenue.
Top Malware Reported in the Last 24 Hours
ZLoader is back
The ZLoader banking trojan is back in a new targeted campaign that relies on fake Google advertisements for propagation. In order to launch the attack stealthily, the attackers use a mechanism to disable all Windows Defender modules on victim machines. The campaign is currently targeted against users in Australia.
Top Vulnerabilities Reported in the Last 24 Hours
Adobe fixes 59 flaws
Adobe issued security updates for 59 flaws affecting its core products, including Acrobat Reader, XMP Toolkit SDK, and Photoshop. These flaws can allow adversaries to execute arbitrary code on unpatched versions. Out of these, 36 are rated critical.
SAP issues 17 advisories
SAP Security Patch Day saw the release of 17 security notes for several vulnerabilities affecting its products. Some of these advisories are related to an SQL injection vulnerability, unrestricted file upload vulnerability, and a code injection flaw affecting some of its products.
Fixes issued by Siemens and Schneider Electric
Industrial giant Siemens and Schneider Electric have released security fixes for around 100 vulnerabilities affecting their products. Around 80 of these vulnerabilities are found affecting Siemens products. One of these is related to FragAttack flaws.
Microsoft releases over 80 security fixes
Microsoft has released over 80 security fixes for different vulnerabilities, including a remote code execution flaw in MSHTML. The range of affected products includes Azure Open Management Infrastructure, Azure Sphere, Office Excel, PowerPoint, Word, and Access; the kernel, Visual Studio, Microsoft Windows DNS, and BitLocker, among others. Additionally, the firm has issued a security update for the last remaining PrintNightmare zero-day vulnerabilities that can allow attackers to gain administrative privileges.