
Money Well Spent
Every dollar of fraud to merchants and firms in the retail and financial services sector is estimated to cost $2.66 on average, said a new fraud report.
The LexisNexis Fraud Multiplier estimates the total amount of loss a business incurs, based on chargebacks, fees, interest, merchandise replacement and redistribution.
The study also investigates fraud costs as a percentage of revenues, as reported by survey respondents, to be nearly 2 percent (1.90 percent) across retail, e-commerce, financial services and digital lending businesses. Businesses that sell digital goods and/or conduct transactions primarily through remote channels take an even harder hit to their bottom line at 2.51 percent of revenues.
Robert Brown, Director of Services for Verismic says, “It’s astonishing how much money is being lost because critical systems are not being kept up to date. Updating critical systems is so easy using Syxsense. We recommend starting a trial to see how it can work for you.” Full article can be found here.
As recent as last Wednesday, a U.S. government website was hosting malicious ransomware. It has been wildly speculated that either the site was hacked, or it possibly stores attachments from government officials’ emails and the downloader was archived.
The ransomware had similarities to the Blank Slate spam campaign which earlier this year was spreading Cerber. Emails in that campaign contained only a double-zip archive with the second containing either a malicious JavaScript file or a malicious Microsoft Word document. The emails contain no text, and experts believed then that all of this combined to evade detection.
Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s unknown whether anyone was infected through the site, full article can be found here.
Check your Equifax Credit Report and Score Now
Victims of the massive Equifax breach may have to wait days to find out if they were impacted. Americans who either applied for new jobs, loans, or just wanted to check their credit score via Equifax are having a difficult time getting answers as to whether they are part of the breach of 143 million records that occurred Thursday.
Details of how this breach happened is still very unclear, however with companies suffering the same fate over the past year, the root cause is likely to be via a sophisticated cyberattack exposed using vulnerable software or operating systems.
Robert Brown, Director of Services for Verismic says, “We recommend clients download our ‘5 Biggest Patch Mistakes‘ whitepaper.
Microsoft published its monthly security updates on September 12, 2017. Microsoft addressed 81 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.
Microsoft Updates
We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.
ID | Vulnerability Alert | CVSS Score | Recommended |
CVE-2017-8686 | Microsoft Windows DHCP Server Remote Code Execution Vulnerability | 9.8 | Yes |
CVE-2017-8630 | Microsoft Office Memory Corruption Vulnerability | 9.6 | Yes |
CVE-2017-8631 | Microsoft Office Memory Corruption Vulnerability | 9.6 | Yes |
CVE-2017-8632 | Microsoft Office Memory Corruption Vulnerability | 9.6 | Yes |
CVE-2017-8725 | Microsoft Office Publisher Arbitrary Code Execution Vulnerability | 9.6 | Yes |
CVE-2017-9417 | Microsoft Windows HoloLens Wireless Network Driver Arbitrary Code Execution Vulnerability | 8.8 | Yes |
CVE-2017-8567 | Microsoft Office Arbitrary Code Execution Vulnerability | 8.6 | Yes |
CVE-2017-8744 | Microsoft Office Memory Corruption Vulnerability | 8.6 | Yes |
CVE-2017-8682 | Microsoft Windows Graphics Component Remote Code Execution Vulnerability | 8.4 | Yes |
CVE-2017-8742 | Microsoft PowerPoint Arbitrary Code Execution Vulnerability | 8.3 | Yes |
CVE-2017-8743 | Microsoft PowerPoint Arbitrary Code Execution Vulnerability | 8.3 | Yes |
CVE-2017-0161 | Microsoft Windows NetBIOS Packet Processing Arbitrary Code Execution Vulnerability | 8.1 | Yes |
CVE-2017-8628 | Microsoft Windows Bluetooth Driver Spoofing Vulnerability | 8.1 | Yes |
CVE-2017-8714 | Microsoft Windows Remote Desktop Virtual Host Arbitrary Code Execution Vulnerability | 7.8 | Yes |
CVE-2017-8720 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 7.8 | Yes |
CVE-2017-8759 | Microsoft .NET Framework Arbitrary Code Execution Vulnerability | 7.8 | Yes |
CVE-2017-8695 | Microsoft Windows Uniscribe Component Information Disclosure Vulnerability | 7.5 | Yes |
CVE-2017-8696 | Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability | 7.5 | Yes |
CVE-2017-8702 | Microsoft Windows Privilege Escalation Vulnerability | 7.5 | Yes |
CVE-2017-8747 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
CVE-2017-8749 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
CVE-2017-8750 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
CVE-2017-8706 | Microsoft Windows Hyper-V Information Disclosure Vulnerability | 7.2 | Yes |
CVE-2017-8707 | Microsoft Windows Hyper-V Information Disclosure Vulnerability | 7.2 | Yes |
CVE-2017-8711 | Microsoft Windows Hyper-V Information Disclosure Vulnerability | 7.2 | Yes |
CVE-2017-8712 | Microsoft Windows Hyper-V Information Disclosure Vulnerability | 7.2 | Yes |
CVE-2017-8713 | Microsoft Windows Hyper-V Information Disclosure Vulnerability | 7.2 | Yes |
CVE-2017-8675 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 7 | Yes |
CVE-2017-8699 | Microsoft Windows Shell Command Arbitrary Code Execution Vulnerability | 6.4 | |
CVE-2017-8758 | Microsoft Exchange Cross-Site Scripting Vulnerability | 6.1 | |
CVE-2017-8677 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8678 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8679 | Microsoft Windows Kernel Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8680 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8681 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8683 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8684 | Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8685 | Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8687 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8688 | Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability | 5.5 | |
CVE-2017-8629 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
CVE-2017-8745 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
CVE-2017-8704 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.3 | |
CVE-2017-8746 | Microsoft Windows Device Guard Security Feature Bypass Vulnerability | 5.3 | |
CVE-2017-11761 | Microsoft Exchange Information Disclosure Vulnerability | 5.3 | |
CVE-2017-8692 | Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability | 5 | |
CVE-2017-8716 | Microsoft Windows Security Feature Bypass Vulnerability | 4.9 | |
CVE-2017-8708 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-8709 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-8719 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-8710 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.4 | |
CVE-2017-8597 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.3 | |
CVE-2017-8643 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
CVE-2017-8648 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability | 4.3 | |
CVE-2017-8723 | Microsoft Edge Security Bypass Vulnerability | 4.3 | |
CVE-2017-8724 | Microsoft Edge Spoofing Vulnerability | 4.3 | |
CVE-2017-8733 | Microsoft Internet Explorer Spoofing Vulnerability | 4.3 | |
CVE-2017-8735 | Microsoft Edge Spoofing Vulnerability | 4.3 | |
CVE-2017-8736 | Microsoft Edge and Internet Explorer Information Disclosure Vulnerability | 4.3 | |
CVE-2017-8739 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability | 4.3 | |
CVE-2017-8649 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8660 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8728 | Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability | 4.2 | |
CVE-2017-8729 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8731 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8734 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8737 | Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability | 4.2 | |
CVE-2017-8738 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8740 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8741 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8748 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8751 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8752 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8753 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8754 | Microsoft Edge Security Bypass Vulnerability | 4.2 | |
CVE-2017-8755 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8756 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8757 | Microsoft Edge Arbitrary Code Execution Vulnerability | 4.2 | |
CVE-2017-11764 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11766 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
CVE-2017-8676 | Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability | 3.3 |
Get Started
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.