Adobe has released emergency updates to address critical vulnerabilities in multiple products including Photoshop, Bridge and Prelude. The vulnerabilities could be used by an attacker to gain access to unpatched systems. Additional Info https://threatpost.com/critical-adobe-photoshop-flaws-patched-in-emergency-update/157581/
A private security researcher discovered two bugs affecting Windows 10 and Windows Server 2019 that can allow a remote attacker to take remote control of a computer if a user opens a specially crafted image. The bug was reported to Microsoft and updates to fix the bugs were issued earlier today. Additiinal information is available here .
Executive Summary The December 2019 updates include a number of important updates from Microsoft and Adobe including a number of zero day vulnerabilities that are being actively exploited by threat actors. Organizations evaluate the updates and patch vulnerable systems as soon as feasible. These updates also mark the next-to-the-last updates available for Windows 7 and Windows Server 2008. News Holiday Schedule - Cyber Tech Cafe will be closed for Christmas and New Year to enjoy time with friends, family and loved ones. Any support requests received during the holiday will be prioritized and responded to on the next business day.Christmas - Closed Tuesday, 24 December and Wednesday, 25 December.New Year - Closed Wednesday, 1 January 2020.DC770 - Cyber Tech Cafe is a proud supporter and co-sponsor of the DC770 DEF CON group…
According to this article from BleepingComputer.com, researchers found two vulnerabilities in Google Chrome that could allow a remote attacker to execute arbitrary code (e.g., run malware) on an affected machine. Google has confirmed that at least one of the vulnerabilities is already being exploited in the wild. Google has released an update to address these vulnerabilities that should be installed as soon as possible. Clients taking advantage of the Cyber Tech Cafe MyIT program should already have the update but should restart Google Chrome to ensure that it has been installed.
A new zero day vulnerability has been discovered in the Google Chrome browser that could allow arbitrary code execution on vulnerable systems. Details are scarce at this time (details below) but the short story is that users running Google Chrome versions prior to 76.0.3809.132 should patch now. Cyber Tech Cafe MyIT clients should already have the updates but are encouraged to restart Google Chrome (or reboot) to ensure that the updates are applied. Additional information on our MyIT program is available here. The issue is being tracked under CVE-2019-5869Additional details are available here