Firefox Vulnerabilities

CVE-2020-6819 and CVE-2020-6820 allowed unauthenticated attackers to execute arbitrary code on devices running unpatched versions of Firefox by tricking potential victims into visiting a maliciously crafted website.

Source: Bleeping Computer

How do you protect yourself?

All Firefox users should install the latest version, Firefox 74.0.1, which has been patched. Mozilla released Firefox 74.0.1 and Firefox ESR 68.6.1 earlier to address these two critical vulnerabilities, which threat actors actively used against vulnerable machines.

CVE-2020-11548

The Search Meter plugin for WordPress through the latest version 2.13.2 allows user input within the search bar to become a formula. The attacker can achieve remote code execution via this method.

Source: National Vulnerability Database

How do you protect yourself?

This plugin hasn’t been updated for the last three major releases of WordPress, and it is advised you deactivate the plugin right away and look for alternative solutions.
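For developers who log or export user search terms, the sketch below is an added example (not code from the Search Meter plugin or from the sources cited here) of neutralizing formula-like input before it reaches a spreadsheet. It assumes the logged terms are later exported to a CSV file that an administrator opens in a spreadsheet application; the function names and sample rows are hypothetical.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value: str) -> str:
    """Return value unchanged unless a spreadsheet would evaluate it as a formula."""
    if value.startswith(FORMULA_PREFIXES):
        # A leading apostrophe makes the spreadsheet display the cell as plain text.
        return "'" + value
    return value


def export_search_terms(rows):
    """Write (term, hits) rows to CSV text with every term neutralized."""
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas and quotes from splitting a term across cells.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["term", "hits"])
    for term, hits in rows:
        writer.writerow([neutralize_cell(term), hits])
    return buf.getvalue()


def flag_formula_terms(rows):
    """List logged terms that a spreadsheet would have evaluated, for review."""
    return [term for term, _ in rows if term != neutralize_cell(term)]


# Constructed sample of logged search terms (not real data).
SAMPLE_ROWS = [
    ("wordpress themes", 12),
    ("=SUM(A1:A2)", 1),
    ("@mention", 3),
    ("-5 degrees", 2),
]

if __name__ == "__main__":
    print(export_search_terms(SAMPLE_ROWS))
    print(flag_formula_terms(SAMPLE_ROWS))
```

Harmless terms such as "-5 degrees" are also prefixed; they then show up as text in the spreadsheet, which is the intended trade-off.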

Fake Zoom installers

Threat actors have distributed several different versions of Zoom client installers that look legitimate but are not officially from Zoom. These clients are bundled with malware such as coinminers, remote access trojans, and adware bundles.

Source: Bleeping Computer

How do you protect yourself?

You should always install software directly from the vendor to avoid accidentally using fake installers. In case a fake installer is downloaded anyway, ensure your computer is protected with endpoint protection, for example, Secure IT – Endpoint.