Get expert insights you can't find anywhere else - watch nowWith major releases from both Firefox and Chrome this week, there has been enough to keep everyone busy for the month. In case you missed it, check out October Threat Thursday where we analyze the biggest security threats for the month!

In the news, Microsoft SQL 2012 and 2014 are being actively attacked in the wild with previously unknown malware. Dubbed “Skip-2.0” by ESET security researchers, this backdoor malware is designed to be laid down after a successful exploit. After implementation, remote attackers can then connect later with a known password. This allows the attackers to then access, modify, or delete data at their convenience without creating a larger footprint than is necessary.

Security Releases

Google released Chrome 78 on Tuesday with a total of 37 security fixes, including 21 CVEs. While this release contains valuable security fixes, it appears that Symantec Endpoint Protection is not playing nicely with the update. According to Symantec’s support article, all tabs will crash in a browser session with the notorious “Aw, Snap!” error page. This error appears to be caused by Microsoft’s Code Integrity feature and can be disabled as a workaround until SEP can be upgraded later.

Firefox 70 released on Tuesday as well, with a total of 13 CVEs listed in Mozilla’s security advisory. The most interesting feature is titled “Firefox Lockwise” that will keep track of the latest data breaches in relation to saved credentials and alert you if a breach occurs. As with most major releases by Mozilla, Firefox ESR 68.2 and Thunderbird 68.2 released as well, with many shared fixes to the vulnerabilities found in the leading branch.

Third-Party Updates

While Google and Mozilla were the high-profile releases this week, our other supported vendors were busy providing non-security updates for their products. Review the list below to make sure you stay up to date on your full environment.

Software Title

Ivanti ID

Ivanti KB

Adobe Acrobat DC and Acrobat Reader DC 19.021.20049

ARDC19-011

QADC1902120049

GoodSync 10.10.10.10

GOODSYNC-132

QGS10101010

GoToMeeting 10.1.2.15251

GOTOM-074

QGTM1012

Microsoft Power BI Desktop 2.74.5619.841

PBID-070

QBI2745619841

Microsoft Power BI Desktop 2.74.5619.862

PBID-071

QBI2745619862

Nitro Pro 13.2.6.26

NITRO-028

QNITRO132626

Nitro Pro Enterprise 13.2.6.26

NITROE-009

QNITROE132626

Node.JS 10.17.0 (LTS Lower)

NOJSLL-008

QNODEJSLL10170

Node.JS 12.13.0 (LTS Upper)

NOJSLU-012

QNODEJSLU12130

Node.JS 13.0.1 (Current)

NOJSC-027

QNODEJSC1301

Opera 64.0.3417.73

OPERA-234

QOP640341773

Snagit 2020.0.0

SNAG-030

QSNAG2000

Splunk Universal Forwarder 8.0.0

SPLUNKF-042

QSPLUNKF800

TeamViewer 11.3.17789

TVIEW-058

QTVIEW11317789

TeamViewer 12.3.17791

TVIEW-057

QTVIEWH12317791

TeamViewer 13.2.36216

TVIEW-056

QTVIEWH13236216

TeamViewer 14.7.1965

TVIEW-055

QTVIEWH1471965

VMware Tools 11.0.1

VMWT-030

QVMWT1101

Wireshark 2.6.12

WIRES-105

QWIRES2612

Wireshark 3.0.6

WIRES-104

QWIRES306