Russia Caught On Top
Towards the end of October, we started to see a flow of ransomware attacks from Russia called Bad Rabbit.
This epidemic has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine and across Europe. Bad Rabbit was the latest in a wave of recent ransomware attacks sweeping across the globe.
This new exploit reiterated the fact that Microsoft patching alone is not sufficient to protect yourself or your infrastructure from these kinds of attacks. This particular exploit needs to be triggered manually: a user is “duped” into thinking they are downloading a seemingly innocent Adobe Flash Player update from what looks to be a legitimate website. Once activated, Bad Rabbit then triggers the EternalRomance exploit infection vector to spread within corporate networks in the same way as WannaCry and NotPetya.
James Rowney, Service Manager for Verismic, said in an email: “Patch management in this day and age is paramount; your platform of choice should be able to protect all major Operating Systems and vendor applications. Syxsense supports updates for Microsoft, Linux, Macintosh and a long list of third-party vendor applications, so with CMS you can be assured that you have the ability to protect yourself.”
Malware speeds its way across the UK
Last week, closer to home, reports started to come in that fake speeding notices have been sent out across the UK and are being used to deliver malware. This new threat to the public is aimed at home users and is sent in the form of an email entitled “Notice of Prosecution”, which claims to have photographic evidence and supplies a link. Clicking on the link will download banking malware to the victim’s device.
Should you receive an email of this kind, the first things to look for are any grammatical errors or spelling mistakes. The emails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.
Police have advised people to delete any emails relating to a Notice of Prosecution without opening them, as all prosecution notices are sent to the registered address of the vehicle by post. There was a similar strategy used in December 2016, so it seems the cyber criminals are out to ruin the holidays for some poor victims again this year.
November Microsoft Patch Tuesday Release
Microsoft published its monthly security updates on November 14, 2017, addressing 53 vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ASP.NET Core and .NET Core, and ChakraCore. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.
We have chosen a few updates to prioritise this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.
ID | Vulnerability Alert | CVSS Base Score | Recommended |
CVE-2017-11876 | Microsoft Project Privilege Escalation Vulnerability | 8.8 | Yes |
CVE-2017-11827 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
CVE-2017-11855 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
CVE-2017-11856 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
CVE-2017-11869 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
CVE-2017-11847 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | Yes |
CVE-2017-11770 | Microsoft ASP.NET Core Denial Of Service Vulnerability | 5.9 | |
CVE-2017-11788 | Microsoft Windows Search Denial of Service Vulnerability | 5.9 | |
CVE-2017-11830 | Microsoft Windows Device Guard Security Feature Bypass Vulnerability | 5.3 | |
CVE-2017-11883 | Microsoft ASP.NET Core Request Handling Denial Of Service Vulnerability | 5.3 | |
CVE-2017-11831 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11832 | Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11835 | Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11842 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11849 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11850 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11851 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11852 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11853 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11880 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
CVE-2017-11877 | Microsoft Excel Security Feature Bypass Vulnerability | 4.4 | |
CVE-2017-8700 | Microsoft ASP.NET Core Information Disclosure Vulnerability | 4.3 | |
CVE-2017-11791 | Microsoft Edge and Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 | |
CVE-2017-11803 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
CVE-2017-11833 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
CVE-2017-11834 | Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 | |
CVE-2017-11844 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
CVE-2017-11848 | Microsoft Internet Explorer Information Disclosure Vulnerability | 4.3 | |
CVE-2017-11872 | Microsoft Edge Security Feature Bypass Vulnerability | 4.3 | |
CVE-2017-11879 | Microsoft ASP.NET Core URL Redirection Vulnerability | 4.3 | |
CVE-2017-11836 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11837 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11838 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11839 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11840 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11841 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11843 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11845 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11846 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11854 | Microsoft Word Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11858 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11861 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11862 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11863 | Microsoft Edge Security Feature Bypass Vulnerability | 4.2 | |
CVE-2017-11866 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11870 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11871 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11873 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11874 | Microsoft Edge Security Feature Bypass Vulnerability | 4.2 | |
CVE-2017-11878 | Microsoft Excel Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11768 | Microsoft Windows Media Player Information Disclosure Vulnerability | 2.5 | |
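The severity bands and the "Recommended" column above can be checked mechanically. The following is an added example, not code from the original article: it parses rows in the table's pipe-delimited layout, assigns each CVSS base score to the stated band, and lists any High-band entry not marked as recommended. The function names are hypothetical.

```python
from collections import Counter

# Rows copied from the table above (same pipe-delimited layout). The last row
# is given without its final empty cell, to show the parser tolerating a
# ragged line.
SAMPLE_ROWS = """\
ID | Vulnerability Alert | CVSS Base Score | Recommended |
CVE-2017-11876 | Microsoft Project Privilege Escalation Vulnerability | 8.8 | Yes |
CVE-2017-11847 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | Yes |
CVE-2017-11770 | Microsoft ASP.NET Core Denial Of Service Vulnerability | 5.9 | |
CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
CVE-2017-11768 | Microsoft Windows Media Player Information Disclosure Vulnerability | 2.5
"""

def band(score):
    """Map a CVSS base score to the bands stated in the article."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

def parse_rows(text):
    """Parse 'ID | title | score | recommended |' lines into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3 or not cells[0].startswith("CVE-"):
            continue  # skip the header row and blank lines
        cells += [""] * (4 - len(cells))  # tolerate a missing last cell
        score = float(cells[2])
        rows.append({"id": cells[0], "title": cells[1], "score": score,
                     "band": band(score),
                     "recommended": cells[3].lower() == "yes"})
    return rows

def triage(rows):
    """Return (recommended IDs, highest score first; High rows not recommended)."""
    ordered = sorted(rows, key=lambda r: -r["score"])
    first = [r["id"] for r in ordered if r["recommended"]]
    gaps = [r["id"] for r in rows if r["band"] == "High" and not r["recommended"]]
    return first, gaps

if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_ROWS)
    print(Counter(r["band"] for r in parsed))
    print(triage(parsed))
```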