BACKGROUND
A Remote Code Execution vulnerability has been identified in MS Teams desktop app which can be triggered by a novel XSS (Cross-Site Scripting) injection in teams.microsoft.com. A specifically crafted chat message can be sent to any Microsoft Teams member or channel which will execute arbitrary code on a victim PC's with NO USER INTERACTION.
BACKGROUND
Three high-severity security update patches for Cisco appliances have been released, which affects Webex Teams for Windows (CVE-2020-3535), its Identity Services Engine (CVE-2020-3467), and Video Surveillance 8000 Series IP Cameras (CVE-2020-3544).
IMPACT
CVE-2020-3467
Allow the attacker to modify parts of the configuration using authenticated user. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network
BACKGROUND
WhatsApp users have reportedly been receiving spam messages from a foreign phone number, informing that their WhatsApp number was selected to win a prize. Users who block the sender's number would then have their WhatsApp account suspended for a certain period of time. Once their account is recovered, previous chat conversations might be lost if the user has not backed up their chats.
IMPACT
BACKGROUND
A way for employees to access corporate devices is by using Remote Desktop Protocol (RDP). Remote Desktop is a remote management tool which allows you to connect to any computer and take over the desktop. It’s like you are sitting and looking at your own computer, only remotely. It is highly used especially during this pandemic situation, for those who have moved to work from home. If poorly configured, it might be vulnerable to attacks.
IMPACT
Background
There is an increasing number of reports from local Instagram users who have been receiving direct messages (DM) from an unfamiliar account claiming to be an “old friend” who would like to share some old photos.