Multiple Security Vulnerabilities for Adobe Products
  • Advisory
  • June 18, 2020

The vulnerabilities found in multiple Adobe products affect versions 20.1 and earlier of Adobe Classics, 13.0.6 and earlier of Adobe Audition, 1.5.12 and earlier of Adobe Premiere Rush, 14.2 and earlier of Adobe Premiere Pro, 24.1.2 and earlier of Adobe Illustrator, and 171 and earlier of Adobe After Effects.

SaltStack Framework Vulnerabilities in Cisco Products
  • Advisory
  • June 19, 2020

The vulnerabilities allow an attacker who can connect to the "request server" port to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the "master" server filesystem, and steal the secret key used to authenticate to the master as root. The impact is full remote command execution as root on both the master and all minions that connect to it. The vulnerabilities fall into two classes: authentication bypass, where functionality was unintentionally exposed to unauthenticated network clients, and directory traversal, where untrusted input (i.e. parameters in network requests) was not sanitized correctly, allowing unconstrained access to the entire filesystem of the master server.

Webex Desktop App Vulnerability
  • Advisory
  • June 24, 2020

During internal security testing of the Cisco Meetings Desktop App (Webex), it was discovered that the application has a vulnerability caused by improper validation of input supplied to the application's URLs. If exploited, it can allow an attacker to cause the Webex application to execute other programs that are already present on the end-user system. This vulnerability affects Cisco Webex Meetings Desktop App releases earlier than Release 39.5.12. Cisco has released software updates that address this vulnerability.

New EvilQuest Ransomware for macOS Systems
  • Advisory
  • July 1, 2020

The EvilQuest ransomware was found to encrypt the user's files as soon as it is executed. Once file encryption finishes, a popup is shown to the user, letting the victim know they have been infected and their files encrypted. The victim is then directed to open a note, in the form of a text file, that has been placed on their desktop. After the encryption process ends, the ransomware installs a keylogger to record all of the user's keystrokes and opens a reverse shell on the target computer, so that the attacker can continue to access it and steal sensitive information users enter with the keyboard. Those capabilities could allow attackers "full control over an infected host." EvilQuest appears to be distributed solely through torrenting websites and pirated versions of macOS software. Researchers have found it bundled in a package called Google Software Update, while others have seen it hidden in pirated versions of the DJ app Mixed In Key, Ableton Live and the security tool Little Snitch. The malware is also able to detect whether a system is running in a virtual machine and whether security and antivirus solutions are running on the system, and it implements several persistence tricks.

Cisco Small Business Routers Vulnerabilities
  • Advisory
  • July 17, 2020

The reported vulnerabilities are said to affect the Cisco Small Business RV110W, RV130, RV130W and RV215W routers, and Cisco Prime License Manager. These vulnerabilities are a result of the following:

  1. The system account of the RV110W Wireless-N VPN Firewall routers has a default and static password, which could allow an unauthenticated, remote attacker to take full control of the affected device.
  2. The RV110W, RV130, RV130W, and RV215W routers have improper validation of user-supplied input in the web-based management interface, which could allow attackers to execute arbitrary code as the root user by sending crafted HTTP requests to a targeted device.
  3. The vulnerability in the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router is due to improper session management on the devices, which could allow attackers to bypass authentication and execute arbitrary commands with administrative privileges by sending a crafted HTTP request to the affected device.
  4. The Cisco Prime License Manager (PLM) Software vulnerability is due to insufficient validation of user input on the web management interface, which could allow a remote attacker to gain administrative-level privileges and access an affected device by submitting a malicious request to an affected system.

Remote Access Vulnerability
  • Advisory
  • July 22, 2020

The Active Ransomware Campaign is a well-crafted and sophisticated series of ransomware attacks, said to be a result of weak authentication, non-use of multi-factor authentication, and unpatched software. Once access to a network is gained through a remote access system, tools such as Mimikatz, PsExec, and Cobalt Strike are used to escalate privileges, move through the network and establish persistence on the network.
