High Severity Linux Kernel Bug

Stop the Remote Attackers A global Linux kernel bug affecting almost every Linux operating system could currently be used to expose millions of Linux servers around the world. The vulnerability (CVE-2018-5391) carrying a CVSS score of 7.8 (High Severity) relates to the Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions…

Patch Tuesday? More Like Patch Doomsday

August Patch Tuesday Release Microsoft have released 60 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Windows components, .NET Framework, SQL Server, as well as Microsoft Office and Office Services. Out of these 60 CVEs, 19 are listed as Critical, 39 are rated Important, one is rated as Moderate, and one is rated as…

Zero-Day: HP Printer Hack

Exposing your network with HP OfficeJet Printers A malicious fax sent to an vulnerable all-in-one inkjet printer can give hackers control of the printer and act as a springboard into your network environment. HP’s implementation of a widely used fax protocol is used in all its OfficeJet all-in-one inkjet printers.  HP Inc. has released patches for…

FBI PSA: IoT Devices Targeted by Attackers

The FBI has Released a New PSA According to the alert, I-080218-PSA, actors with malicious intent have been actively using vulnerable IoT devices. Said devices act as proxies to route malicious traffic for cyber attacks and computer network exploitation. This reinforces what we have been saying for a very long time. Ignoring or mismanaging IoT…

Bluetooth Authentication Exploitable

Avoiding Bluetooth Decay A CERT advisory has been released regarding the stability of Bluetooth authentication. In short, the advisory outlines that “the authentication provided by the Bluetooth pairing protocols is insufficient.” This weakness in the Bluetooth key exchange is exploitable and could allow a remote attacker to intercept encryption data. Potentially, malicious actors could view…

Ransomware Disrupts Massive Shipping Company

Cyberattack Causes Shipping Industry Disaster COSCO, one of the world’s largest shipping companies, has experienced a ransomware attack on their US network. Their Long Beach terminal reported that their website and telephone network went down on July 25. The company initially downplayed the event, however it quickly became apparent this was much more than a…

Severe Oracle Vulnerabilities

WebLogic Server Needs Immediate Patching If you are using an Oracle WebLogic Server in your environment, you must patch it now. This easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. To compound this…

Bad Dog! Ubuntu Mutt Exploitable Vulnerability

According to a recently released Ubuntu security notice, there are several vulnerabilities within Mutt Ubuntu. The following CVEs detail how an attacker could execute arbitrary code through Mutt incorrectly handling certain requests. In addition, certain inputs could provide access to, or even expose, sensitive information. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 , and CVE-2018-14357.) Below…

Microsoft Patch Tuesday: Uninstall

It’s Buggy Out There Microsoft has republished all of the recent July Patch Tuesday updates with one exception: KB 4018385. Microsoft have recalled this update because it crashes Office. What are you to do if you already deployed this patch? We highly recommend our clients uninstall this update and reboot their systems as quickly as…