Critical Vulnerabilities in Cisco Webex
The IBM Research team discovered vulnerabilities in the Cisco Webex application, exploitation of which could allow an attacker to join a meeting and eavesdrop on conversations as a "ghost" without being discovered. Vulnerabilities could be exploited if an attacker knows the Webex meeting URL or users' Personal Room. Cisco has already released fixes that are available in the latest version of the product.
Critical vulnerabilities in a number of ICS systems
Technology companies Real Time Automation, Paradox, Sensormatic Electronics and Schneider Electric have warned of critical vulnerabilities in their products. The highest CVSS score of 9.8 out of 10 was for a buffer overflow vulnerability (CVE-2020-251590) in Real Time Automation software.
New attack by the Lazarus faction
ESET researchers have uncovered a new Lazarus supply chain attack using legitimate WIZVERA VeraPort software. WIZVERA VeraPort is designed to integrate and manage installation programs related to Internet banking in South Korea. The attackers compromised several sites that support VeraPort and tampered with the installation packages. The malware was downloaded to the victims' computers by using the WIZVERA VeraPort software flaw when verifying the signature. As a result of the attack, VeraPort downloaded malware unnoticed by users.