Updated: Aug 2, 2020
Another exciting week for the cyber security world, with Adobe and Cisco both releasing patches for their products; Microsoft announced the official retirement date for the insecure TLS versions and Israel's water infrastructure has been attacked once again. Let's take a closer look at what happened.
1. Starting with Adobe, which has issued a total of 12 out-of-band patches this week to fix vulnerabilities in Photoshop, Bridge and Prelude. Some of the flaws fixed have been given a critical rating and can lead to arbitrary code execution in the context of the user. The company reported that no exploits had been seen in the wild for any of the bugs fixed. This statement does not undermine the importance of updating your software.
2. In other news, Microsoft has set the official retirement date for the insecure TLS 1.0 and 1.1 protocols in Office 365 with October 15, 2020. The retirement of the protocol was first announced in 2017, and as Microsoft explained the effect of this change for end-users will be minimal.
3. A new phishing scam has been observed in the UK misleading victims into giving their personal and financial information. The scam, which utilises SMS and Email as the communication routes, pretends to be from Tesco. Moreover, it asks users to follow an unofficial Tesco webpage link and then asking them to pay for a full HD TV at a low price. Unsuspecting individuals can fall into this trap very quickly and even share it with their social network.
4.Moving on to another troubling news from Israel, this time with yet another cyberattack on the country's water infrastructure. The attacks were aimed at agricultural water pumps in the Upper Galilee. As reported by government officials, the attack did not cause any damage, and the situation was quickly taken care of by authorities.
5. Cisco has added patches for 34 bugs this week with the most severe ones having a severity score of 9.8. Successful exploitation of the bugs can result in the execution of arbitrary code as the root user and allow full remote hijacking of the device. As cybersecurity professionals, we are urging users to update their Cisco systems as soon as possible.