Telegram Messenger Exploited Again
Back in March 2017 we saw the “secure” WhatsApp and Telegram messenger applications being exploited: the user received a seemingly harmless image file which actually hosted malicious HTML code.
This code directed them to a webpage specifically crafted to harvest personal data from the user's device and hijack their accounts.
Today it seems that Telegram did not learn their lesson. The application has been exploited again using the same flaw, this time with the aim of distributing malicious software that harnesses the user's device to mine cryptocurrency.
The 2018 exploit again works by the hacker sending the user an image file to open which actually hosts a malicious VBScript. The file would, for example, be called photo_high_re*U+202E*gnp.js.
Note the U+202E part of the name: this is the Right-to-Left Override (RLO) character, which causes Telegram to display the remaining string in reverse, hiding the script while the file keeps its .js extension.
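As an added example (not code from the article or from Syxsense), here is a small Python check a defender could run over received filenames to catch the RLO trick above: it strips the override, recovers the extension the OS will actually use, and approximates the name the user would have seen. The EXECUTABLE_EXTS list and the sample names are assumptions made for the example.

```python
import os

# Unicode bidirectional control characters that can disguise a filename.
# U+202E (RLO) is the one used in the Telegram attack described above;
# its siblings deserve the same scrutiny.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"  # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"        # LRI, RLI, FSI, PDI
    "\u200e\u200f"                    # LRM, RLM
)

# Extensions Windows hands to a script host or loader rather than a viewer
# (assumed list for this example; extend it to match your environment).
EXECUTABLE_EXTS = frozenset({".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                             ".exe", ".scr", ".bat", ".cmd", ".ps1"})

def strip_bidi(name: str) -> str:
    """Remove every bidi control character from a filename."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)

def displayed_name(name: str) -> str:
    """Approximate what a naive renderer shows: everything after the first
    RLO is drawn right-to-left, i.e. reversed, so 'gnp.js' reads 'sj.png'."""
    head, rlo, tail = name.partition("\u202e")
    if not rlo:
        return strip_bidi(name)
    return strip_bidi(head) + strip_bidi(tail)[::-1]

def real_extension(name: str) -> str:
    """The extension the OS actually dispatches on, taken from the raw name."""
    return os.path.splitext(strip_bidi(name))[1].lower()

def analyse(name: str) -> dict:
    """Flag a filename whose visible extension differs from its executable one."""
    shown = displayed_name(name)
    ext = real_extension(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    has_bidi = any(ch in BIDI_CONTROLS for ch in name)
    return {"has_bidi": has_bidi, "displayed": shown, "real_ext": ext,
            "suspicious": has_bidi and ext in EXECUTABLE_EXTS and shown_ext != ext}

def scan(names) -> list:
    """Return only the suspicious names from an iterable of filenames."""
    return [n for n in names if analyse(n)["suspicious"]]

# Constructed sample input: the article's example plus an ordinary image name.
SAMPLE_NAMES = [
    "photo_high_re\u202egnp.js",  # rendered as photo_high_resj.png, really .js
    "holiday.png",                # benign, no bidi characters
]
```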
While this exploit primarily targets home users, it is not limited to that audience. Having a capable systems management tool like Syxsense in your environment can help combat these kinds of attacks, which are becoming more and more frequent.
IoT devices are being targeted by hackers. In the midst of the WannaCry outbreak reports, a factory was reportedly exploited even though its devices had no direct internet access at the time. After investigation, the culprit was found to be a coffee machine with Wi-Fi capability.
James Rowney, Service Manager for Verismic commented: “In this day and age we are seeing more and more convenience devices that are obviously designed to make our lives easier when in fact we are just leaving ourselves open to attack.”
When looking at such appliances, we need to consider the potential fallout if they were to be exploited, especially in the workplace. If a coffee machine can take down a factory, then anything is possible.
Be vigilant, stay protected and consider a systems management tool with IoT tracking capabilities like Syxsense.
Patch Tuesday Release
“January 2018 was one of the worst months for patching I have seen since I joined Verismic,” said Verismic Service Manager, James Rowney. “The vast amount of patches released last month left in its wake a sea of bluescreened machines, broken applications and inactive Web browsers. February seems to be following suit, which will cause headaches for IT admins.”
2017 saw a similar trend, with the headache months primarily being February and November, but on the whole it seems that last year was significantly worse than 2016. This does seem to coincide with the change in the way Microsoft handled their patch releases. Let’s hope the rest of this year is more fruitful, or it may be worth Microsoft considering going back to their old release strategy.
Microsoft addressed 49 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore and Adobe Flash. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.
We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own) and the anticipated business impact.
| CVE ID | Vendor | Title | CVSS Score | Prioritized |
|---|---|---|---|---|
| CVE-2018-0825 | Microsoft | Microsoft Windows StructuredQuery Arbitrary Code Execution Vulnerability | 8.1 | Yes |
| CVE-2018-0844 | Microsoft | Microsoft Windows Common Log File System Driver Privilege Escalation Vulnerability | 7.8 | Yes |
| CVE-2018-0846 | Microsoft | Microsoft Windows Common Log File System Driver Privilege Escalation Vulnerability | 7.8 | Yes |
| CVE-2018-0840 | Microsoft | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2018-0847 | Microsoft | Microsoft Internet Explorer Information Disclosure Vulnerability | 7.5 | Yes |
| CVE-2018-0866 | Microsoft | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2018-0742 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0756 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0809 | Microsoft | Microsoft Windows Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0820 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0823 | Microsoft | Microsoft Windows Named Pipe File System Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0826 | Microsoft | Microsoft Windows Storage Services Privilege Escalation Vulnerability | 7 | |
| CVE-2018-0842 | Microsoft | Microsoft Windows Arbitrary Code Execution Vulnerability | 6.7 | |
| CVE-2018-0828 | Microsoft | Microsoft Windows Privilege Escalation Vulnerability | 6.6 | |
| CVE-2018-0831 | Microsoft | Microsoft Windows Kernel Privilege Escalation Vulnerability | 6.6 | |
| CVE-2018-0755 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0760 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0761 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0853 | Microsoft | Microsoft Office Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0855 | Microsoft | Microsoft Windows OpenType Font Information Disclosure Vulnerability | 5.5 | |
| CVE-2018-0864 | Microsoft | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
| CVE-2018-0869 | Microsoft | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
| CVE-2018-0821 | Microsoft | Microsoft Windows AppContainer Privilege Escalation Vulnerability | 5.3 | |
| CVE-2018-0827 | Microsoft | Microsoft Windows Security Feature Bypass Vulnerability | 5.3 | |
| CVE-2018-0833 | Microsoft | Microsoft Windows SMB Request Processing Denial of Service Vulnerability | 4.8 | |
| CVE-2018-0757 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0810 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0829 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0830 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0832 | Microsoft | Microsoft Windows Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0843 | Microsoft | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2018-0839 | Microsoft | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2018-0850 | Microsoft | Microsoft Outlook Security Bypass Vulnerability | 4.3 | |
| CVE-2018-0763 | Microsoft | Microsoft Edge Information Disclosure Vulnerability | 4.2 | |
| CVE-2018-0834 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0835 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0836 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0837 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0838 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0841 | Microsoft | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0851 | Microsoft | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0852 | Microsoft | Microsoft Outlook Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0856 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0857 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0858 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0859 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2018-0860 | Microsoft | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |