Patch/Configuration Management, Vulnerability Management

Adobe patches critical Magento security vulnerabilities

February 3, 2020

Adobe issued an out-of-band security advisory and issued patches for six vulnerabilities, three critical, in its Magento Commerce and Open Source products.

The Adobe products affected are Commerce 2.3.3, Open Source 2.3.3, Enterprise Edition 1.14.4.3 and Community Edition 1.9.4.3.

The three critical vulnerabilities are CVE-2020-3716, CVE-2020-3718 and CVE-2020-3719. The first two, respectively, have a deserialization of untrusted data and security bypass flaws that can lead to arbitrary code execution. The final issue is a SQI injection that if exploited could lead to sensitive information disclosure.

The remaining vulnerabilities, CVE-2020-3715, CVE-2020-3758 and CVE-2020-3717, also can lead to sensitive information disclosure if exploited by an attacker. The first two are stored cross-site scripting issues and the last deals with a path traversal flaw.

Adobe is recommending users update to the latest version of the software.

Doug Olenick

(Credit: Andreas Prott – stock.adobe.com)

Cloud Security

Google fixes Cloud Composer privilege escalation vulnerability

Laura FrenchApril 22, 2025

Tenable researchers say “ConfusedComposer” highlights how attackers can exploit cloud service permissions.

Korea North flag - 3D realistic waving flag on matrix digital ba

Threat Intelligence

Attacks with BlueKeep, Microsoft Office exploits launched by Kimsuky-linked group

SC StaffApril 22, 2025

Threat operation Larva-24005, which is associated with North Korean state-backed advanced persistent threat group Kimsuky, has been leveraging the critical Microsoft Remote Desktop Services flaw BlueKeep, also tracked as CVE-2019-0708, and the high-severity Microsoft Office Equation Editor vulnerability, tracked as CVE-2017-11882, to infiltrate organizations in Japan and South Korea, with the latter's financial, energy, and software sectors targeted since October 2023, The Hacker News reports.