Third-Party Patch Update: August 2018

Chrome Vulnerability Endangers Your Private Data A vulnerability has been found within Chrome that would allow actors to access information stored by other web platforms, such as major data hoarders Facebook and Google. CVE-2018-6177 was uncovered by Ron Masas, a security researcher from Imperva, and reported to Google. “With several scripts running at once —…

Adobe Alert: Zero-Day Update

Photoshop Gets Edited Adobe released an out-of-band security update to address two critical remote code execution vulnerabilities impacting Adobe Photoshop CC for Windows and Apple devices. These two vulnerabilities, identified as CVE-2018-12810 and CVE-2018-12811, impact Adobe Photoshop CC 2018 version 19.x as well as Adobe Photoshop CC 2017 version 18.x. Although these updates carry an…

IT Admins: Block Outbound Server Message Block (SMB) Traffic Now

Corporate Network Credential Harvesting The US National Cybersecurity & Communications Integrations Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the firewall – Ports 137/139/445. A recent hack has been identified that leverages Window’s ability to automatically log on to remote devices when connecting to a share.…

The ‘Foreshadow’ of More Intel Issues

Foreshadow Flaw Found in Intel CPUs For the more than a billion computers that depend on Intel CPUs, the flaws just keep coming. Thanks to work by researchers from KU Leuven University in Belgium, along with the universities of Adelaide and Michigan, Intel has been made aware of yet another major weakness in their processor…

High Severity Linux Kernel Bug

Stop the Remote Attackers A global Linux kernel bug affecting almost every Linux operating system could currently be used to expose millions of Linux servers around the world. The vulnerability (CVE-2018-5391) carrying a CVSS score of 7.8 (High Severity) relates to the Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions…

Patch Tuesday? More Like Patch Doomsday

August Patch Tuesday Release Microsoft have released 60 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Windows components, .NET Framework, SQL Server, as well as Microsoft Office and Office Services. Out of these 60 CVEs, 19 are listed as Critical, 39 are rated Important, one is rated as Moderate, and one is rated as…

Zero-Day: HP Printer Hack

Exposing your network with HP OfficeJet Printers A malicious fax sent to an vulnerable all-in-one inkjet printer can give hackers control of the printer and act as a springboard into your network environment. HP’s implementation of a widely used fax protocol is used in all its OfficeJet all-in-one inkjet printers.  HP Inc. has released patches for…

FBI PSA: IoT Devices Targeted by Attackers

The FBI has Released a New PSA According to the alert, I-080218-PSA, actors with malicious intent have been actively using vulnerable IoT devices. Said devices act as proxies to route malicious traffic for cyber attacks and computer network exploitation. This reinforces what we have been saying for a very long time. Ignoring or mismanaging IoT…

Bluetooth Authentication Exploitable

Avoiding Bluetooth Decay A CERT advisory has been released regarding the stability of Bluetooth authentication. In short, the advisory outlines that “the authentication provided by the Bluetooth pairing protocols is insufficient.” This weakness in the Bluetooth key exchange is exploitable and could allow a remote attacker to intercept encryption data. Potentially, malicious actors could view…