Severe Oracle Vulnerabilities

WebLogic Server Needs Immediate Patching If you are using an Oracle WebLogic Server in your environment, you must patch it now. This easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. To compound this…

Bad Dog! Ubuntu Mutt Exploitable Vulnerability

According to a recently released Ubuntu security notice, there are several vulnerabilities within Mutt Ubuntu. The following CVEs detail how an attacker could execute arbitrary code through Mutt incorrectly handling certain requests. In addition, certain inputs could provide access to, or even expose, sensitive information. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 , and CVE-2018-14357.) Below…

Microsoft Patch Tuesday: Uninstall

It’s Buggy Out There Microsoft has republished all of the recent July Patch Tuesday updates with one exception: KB 4018385. Microsoft have recalled this update because it crashes Office. What are you to do if you already deployed this patch? We highly recommend our clients uninstall this update and reboot their systems as quickly as…

Will You Avoid This Major Security Threat?

Two Major Vulnerabilities Could Expose You Security vulnerability CVE-2018-8225 and CVE-2018-8267 are both publicly disclosed exploits that have garnered high CVSS scores. These weaknesses were reported to Microsoft through Trend Micro’s Zero Day Initiative (ZDI). CVE-2018-8225 is a vulnerability that impacts the Windows DNS component DNSAPI.dll. An attacker can leverage this flaw to execute arbitrary…

Third-Party Patch Update: June 2018

Third Party Software Updates: June 2018 Roku TV & Sonos IoT devices, which are widely used in businesses that handle sensitive consumer data, such as credit card number and health records, are vulnerable to DNS hacking. These two IoT devices are frequently installed within fast casual dining, medical and dentist businesses. These devices can be…

Ransomware in 2018 Has New Leverage

Ransomware’s Unexpected Ally: GDPR While the intentions of GDPR are positive, analysts are predicting an unintended side effect. Actors using ransomware to extort companies could use GDPR as leverage. With the strict requirements to stay within GDPR compliance, actors can put pressure on victims to pay out as quickly as possible. In addition, because GDPR…

The Real Costs of WSUS

“Why should I pay for an IT management tool? I get WSUS free with Windows!” While WSUS might come with Windows, it is certainly not free. There are hidden expenses to consider. Looking at the number of hours wasted and additional software needed to fully manage your environments, WSUS comes out as more expensive than…

Cortana Exploited to Hack Windows 10 PCs

Cortana Stealing Windows 10 Passwords & Photos Cortana, Microsoft’s AI-based smart assistant, could help attackers unlock your system password. As one of their flagship features, Cortana comes built into every version of Windows 10. Publicly known as CVE-2018-8140, this vulnerability has been given a severity rating of Important by Microsoft. Normally something this invasive would be…

Critical Flaws in Global Security Cameras

Global Security Infrastructure Exposed Axis Communications, the global market leader for IP enabled security cameras, has confirmed there are seven major vulnerabilities in 400 of its security camera models. Axis’ cameras are frequently used as part of critical security infrastructure in places like the Sydney Airport, Moscow Metro and the City of Houston. Exploitation of…