Cyber Weekly Digest - Week #18

It has been an interesting week for the cybersecurity world, as privacy concerns over the COVID-19 crisis continue to dominate the media. Meanwhile, some vulnerabilities have been discovered and patched, while a university thought it was a good idea to hide a cyber breach. Let us see what happened.


1. Adobe has released security patches this week fixing 21 critical issues in Illustrator 2020 and Bridge. There is no indication that the vulnerabilities are being exploited in the wild; nevertheless, users are encouraged to patch their systems as soon as possible.


2. Wordfence researchers discovered a bug in the "Real-Time Find and Replace" WordPress plugin that could allow hackers to create rogue admin accounts on over 100,000 sites. Attackers can trigger the issue by injecting malicious JavaScript code into the pages of their malicious websites and tricking WordPress admins into clicking on them to execute the code. The vulnerability was assigned a score of 8.8, and WordPress has released a patch to fix the problem.

3. In other news, Warwick University was reportedly hacked last year, but the university's IT services decided to keep it a secret. The hack came after a staff member installed vulnerable remote viewing software, allowing attackers to steal sensitive personal information of students and staff. The university's cybersecurity protection was so weak that it was impossible to identify what data had been stolen. Following the event, some measures were taken to enhance the university's cybersecurity, but the administration has still not given any formal acknowledgement of the event.


4. Microsoft Teams has received a patch this week fixing a vulnerability that, if exploited, can enable an attacker to take over a company's Teams accounts. The Israeli infosec outfit CyberArk discovered the issue and was able to compromise the platform using a specially modified GIF image. Since remote conferencing is at its peak at this time and Teams is one of the most popular platforms for it, we recommend that everyone keep their software up to date.


5. A worrying piece of research was released this week by Bitdefender, analysing the emergence of insider threats as one of the most feared in cybersecurity. With the number of attacks and the cost of each incident going up, it is now more crucial than ever for companies to safeguard their data from their own employees. Even when security training and awareness programs are in place, the likelihood of workers accessing and sharing confidential information keeps increasing.


6. As the coronavirus epidemic continues, GCHQ has now acquired the power to access any information necessary to ensure the security of the networks and information systems of the health services. A spokesman for GCHQ said, "We have no desire to receive any patient data." This development will surely add fuel to the already existing privacy concerns around the handling of the COVID-19 pandemic with the use of contact tracing apps.
