Cyber Weekly Digest - Week #29

Updated: Jul 23, 2020

A lot of news in the cybersecurity world this week, with Microsoft, Google and Oracle all releasing patches for their products while high-profile individuals saw their Twitter accounts compromised. Let's take a look to see what happened.


1. It was Patch Tuesday this week for Microsoft, with 123 security holes patched in Windows and related software, including a critical flaw residing in Windows Servers. If exploited, the vulnerability can allow attackers to install malicious software by merely sending a specially crafted DNS request. Microsoft states that the critical flaw is very likely to be exploited soon and urges all users to update their systems.

2. Moving on to another patch: this time, Google has released a new version of Chrome, Chrome 84. The latest version contains 38 security bug fixes as well as new additions to Chrome's developer tools and Web API, including a new animations control system in the form of the new Web Animations API and some experimental features such as the Wake Lock API, the Idle Detection API and the Content Indexing API. Moreover, the latest release is the first Chrome version to block notification popups on websites that are known to abuse this feature, something that has already been included in Firefox browsers since last year.


3. Coming back to Huawei news, the UK's mobile providers are being banned from buying new Huawei 5G equipment after December 31. To make things worse for the Chinese giant, the UK government wants all existing Huawei equipment to be replaced by 2027. As stated by Digital Secretary Oliver Dowden, the cumulative cost of the moves against Huawei would be up to £2bn, with a total delay to the 5G rollout of two to three years.


4. Another big news story this week was the massive hack on high-profile Twitter accounts. Apple, Elon Musk and Joe Biden were among the accounts compromised in a broadly targeted hack. The attackers seem to have leveraged an internal Twitter admin tool to gain access to high-profile accounts. As Twitter has reported, attackers gained access to that tool through social engineering attacks on its internal employees.

5. More vulnerability fixes this week, with Oracle this time patching an astonishing 443 security flaws. Even more extraordinary than the number of bugs fixed is that 100 of the vulnerabilities have a CVSS score above 9. The most severe security flaws are remotely exploitable and have a CVSS score of 10. The company released a statement underlining the importance of applying the available patches as soon as possible to avoid future exploitation.

