Microsoft Teams GIF Vulnerability

A vulnerability has been identified in Microsoft Teams that involved a simple GIF image. For the attack to work, the victim had only to view the malicious GIF, which illustrated Donald Duck character sweeping a row of Mickey Mouse toys. The attackers were then able to steal data from specific systems and have access into the company’s Teams accounts.

Source: Info Security

How do you protect yourself?

Microsoft has already corrected this vulnerability by updating misconfigured DNS records, thus mitigating the problem.

PhantomLance

A new spyware campaign has been identified and has been ongoing for 4 years. Named PhantomLance by Kaspersky, this spyware is distributed by dozens of Android apps available on Google Play (in addition to other points of sale). The attack implements high levels of encryption, in addition to being able to download and execute additional malicious payloads that would be suited to the specific environment of the device.

Source: ZD Net

How do you protect yourself?

Kaspersky reported his findings to Google that has since removed the malicious apps from the Play Store.

Critical Adobe Illustrator, Bridge and Magento Flaws

Critical flaws were detected in several Adobe tools, namely Illustrator, Bridge and Magento. These critical flaws include a stack-based buffer overflow flaw (CVE-2020-9555), heap overflow bugs (CVE-2020-9562, CVE-2020-9563), memory corruption glitch (CVE-2020-9568) and use-after-free vulnerabilities (CVE-2020-9566, CVE-2020-9567). Also included are critical out-of-bounds write flaws (CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569). All of these could be exploited remotely by an attacker, allowing arbitrary code execution.

Source: The Hacker News

How do you protect yourself?

Users need to update to the latest version of the software.