Published: October 23rd, 2020
Install these important software patches fast from major software distributors.
Welcome to Cyber Security Today. It’s Friday October 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
You might call this the update edition, because so much of the news deals with just-released security fixes.
Attention Chrome browser users: Google released a patch to fix several high severity vulnerabilities. You need to update the browser now. Often there’s a warning icon in the top right, but if there isn’t click on the three dots on the right, go to Help and then About Google Chrome.
Attention users of mobile browsers including Safari, Opera, Yandex, Bolt, UCWeb and RITS. Make sure you’re running the latest versions. Security researchers have discovered bugs that allow hackers to spoof the address bar in those browsers. As you know, the small screen on a smartphone makes it hard to verify if a website is real, so the ability of hackers to spoof an address is a good weapon for them — and bad for you. So far UCWeb, Opera Touch, Yandex, and Safari have issued fixes. A fix for Opera Mini is expected November 11th. Bolt Browser isn’t fixed yet.
If you use a QNAP network-attached storage device as a domain controller, make sure you update the operating system and all installed apps. Otherwise you could be vulnerable to a vulnerability called Windows Zerologon.
Cisco Systems is urging administrators whose organizations use its routers that run the IOS XR operating system to make sure they have the latest software. This is to fix a bug that exploits the Cisco Discovery Protocol. The fix for this has been around since February, so there’s no reason not to have it installed by now.
Attention Adobe users: The company has released security updates for its major products that need to be installed as soon as possible. These include Photoshop, Dreamweaver, Illustrator, After Effects, Marketo, Creative Cloud Desktop, InDesign, Media Encoder and Premiere Pro
Finally, last week I told you about a cyber attack on bookseller Barnes and Noble. This week a ransomware gang called Egregor has told the Bleeping Computer news service that it is behind the attack. It claims corporate financial files were copied and is threatening to release them unless they are paid.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals.
Later this afternoon we’ll release the Week In Review podcast, with guest analyst Terry Cutler of Cyology Labs. Tune in on your way home, or on the weekend.
Cyber Security Today is heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.