Skip to main content
Tag

patch tues news

||

December Patch Tuesday: Bad Winter

By News, Patch TuesdayNo Comments
[vc_single_image image=”13259″ img_size=”full”]

On the 12th day of December, Verismic sent to me … Top 10 Breaches of 2017!

Throughout this year we have been breaking some of the worst IT security breaches of 2017, which have impacted millions of users worldwide.  We continue to advise our clients the single most important decision you can make to achieve a level of protection for your organization is to onboard a tool like Syxsense to automate the detection of all devices and to automate a rigorous patching processes.  If you need help, please download our Avoiding Patch Doomsday whitepaper or get in touch.

Here are our top 10 IT security breaches for 2017: 

  1. TeamViewer Exploited.  A new vulnerability within TeamViewer has been making news across the internet. In an official statement by the company, they revealed that a GitHub user discovered a vulnerability in TeamViewer’s set of permissions.
  2. Worldwide Malware Attack: Exploring WannaCry.  WannaCry is the worst malware attack of 2017.  As computer virus outbreaks go, this ransomware attack is being called one of the biggest cyberattacks in history and continues to spread worldwide.
  3. Equifax Hack – Cyberattack.  Criminals gained access to certain files in Equifax’s system from mid-May to July by exploiting a weak point in website software affecting 143 million customers worldwide.
  4. Hyatt Hack: Major Data Breach.  41 of its hotels spread across 13 countries confirmed unauthorized access to payment card information.  Hyatt suffered a similar breach affecting 250 hotels located in 50 countries back in 2015.
  5. HBO – Game of Thrones series stolen.  The recent HBO hack may have exposed up to 1.5 terabytes of data.  This is 7 times what Sony lost in the 2014 cyberattack.
  6. CIA Hacks.  Wikileaks recently published the article “Vault 7: CIA Hacking Tools Revealed.”   This list of compromised software includes Notepad++.  When Notepad++ is launched, the original scilexer.dll is replaced by a modified scilexer.dll built by the CIA.
  7. BadRabbit: Newest Ransomware to Target Corporate Networks.  The outbreak began in Russia, infecting big Russian media outlets, but it has already spread.  Several US and UK firms, with corporate entities in the Ukraine and Russia, have already been infected.
  8. Hidden Cobra: North Korea’s History of Hacking.  Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature.
  9. Invasion of the Body Hackers.  On August 29th, the FDA issued an alert regarding Abbott pacemakers.  Formerly known as St. Jude Medical, the Abbott pacemakers have vulnerabilities in their software.
  10. BitPaymer Ransomware Hits NHS.  The hack caused major disruption, leading to thousands of cancelled appointments.

BREAKING NEWS: 1.4 Billion credentials leaked on the Dark Web!

A huge data dump has been found on the dark web containing 1.4 clear text credentials.  At over 41 gigabytes in size, this will take some time to pass through however you can be assured sophisticated programs will be ready soon to exploit software, apps or websites you are using.  Robert Brown, Director of Services at Verismic said, “No matter how complex your passwords are, it is not going to be complex enough if your password is discovered in this data dump.  Two-factor authentication has been around for years, and Syxsense has been using Two-factor since the beginning to protect our customer identity.  Two-factor authentication within Syxsense requires an additional automatically generated password be entered via email or Google Authenticator ensuring no single password gives you full access to the system.  We would highly encourage our clients to leave it enabled as it is enabled by default.”

Companies Plan to Change Third-Party Vendors that Pose Highest Risks!

Global consulting firm Protiviti and the Shared Assessments Program’s annual Vendor Risk Management Benchmark Study finds that a majority (53 percent) of organizations surveyed are likely to exit or change (de-risk) relationships with some vendors due to heightened risk levels.  The study finds that 71 percent of these organizations will likely change their high-risk relationships over the next 12 months.  Robert Brown, Director of Services for Verismic said, “Deployment of Third-party updates to bring them into compliancy is simple if you are using the right systems management toolset & the right approach to deployment of detected updates.”  The full article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

[vc_single_image image=”10055″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

December Patch Tuesday Release

Microsoft addressed 32 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Excel, Microsoft PowerPoint, and Microsoft SharePoint.  The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.  We have chosen a few updates to prioritise this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact & most importantly the independent CVSS score for the vulnerability.  The independent CVSS scores used in the table below range from 0 to 10.  Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

 

CVE ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11886 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11890 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11894 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11895 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11899 Microsoft Windows Security Feature Bypass Vulnerability 7.5 Yes
CVE-2017-11901 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11903 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11907 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11912 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11913 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11919 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 7.5 Yes
CVE-2017-11930 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11885 Microsoft Windows RRAS Arbitrary Code Execution Vulnerability 6.6 Yes
CVE-2017-11932 Microsoft Exchange Spoofing Vulnerability 5.4 Yes
CVE-2017-11936 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4 Yes
CVE-2017-11887 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11906 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11927 Microsoft Windows Information Disclosure Vulnerability 4.3
CVE-2017-11934 Microsoft PowerPoint Information Disclosure Vulnerability 4.3
CVE-2017-11888 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11889 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-11893 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11905 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11908 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11909 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11910 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11911 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11914 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11916 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11918 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11935 Microsoft Excel Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11939 Microsoft Office Information Disclosure Vulnerability 3.1
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|

November Patch Tuesday: High-Speed Malware

By News, Patch TuesdayNo Comments
[vc_single_image image=”13170″ img_size=”full”]

Russia Caught On Top

Towards the end of October, we started to see a flow of ransomware attacks from Russia with called Bad Rabbit.

This epidemic has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine and across Europe. Bad Rabbit was the latest in a wave of recent ransomware attacks sweeping across the globe.

This new exploit reiterated the fact that Microsoft patching alone is not sufficient to protect yourself or your infrastructure from these kind of attacks. This particular exploit needs to be exploited manually, a user is “duped” into thinking they are downloading a seemingly innocent Adobe Flash player update from what looks to be a legitimate website. Once activated Bad Rabbit then triggers the EthernalRomance exploit infection vector to spread within corporate networks in the same way as WannaCry and NotPetya.

James Rowney, Service Manager for Verismic said in an email “Patch management in this day and age is paramount, your platform of choice should be able to protect all major Operating Systems and vendor applications. Syxsense supports updates for Microsoft, Linux, Macintosh and long list of third party vendor applications so with CMS you can be assured that you have the ability to protect yourself.”

Malware speeds its way across the UK

Last week closer to home reports started to come in that fake speeding notices have been sent out across the UK which are being used to deliver malware. This new threat to the public is aimed at home users and is sent in the form of an email entitled Notice of Prosecution which claims to have photographic evidence and supplies a link. Clicking on the link will download banking malware to the victim’s device.

Should you receive an email of this kind the first things to look for are any grammatical errors or spelling mistakes, the mails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.

Should you receive an email of this kind the first things to look for are any grammatical errors or spelling mistakes, the mails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.

Police have advised people to delete any mails relating to Notice of Prosecution without opening them as all prosecution notices are send to the registered address of the vehicle by post. There was a similar strategy used in December 2016 so it seems the cyber criminals are out to ruin the holidays for some poor victims again this year.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRAIL[/dt_default_button]

[vc_single_image image=”12852″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

November Microsoft Patch Tuesday Release

Microsoft published its monthly security updates on November 14, 2017, addressing 53 vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ASP.NET Core and .NET Core, Chakra Core. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.

We have chosen a few updates to prioritise this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11876 Microsoft Project Privilege Escalation Vulnerability 8.8 Yes
CVE-2017-11827 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11855 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11856 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11869 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11847 Microsoft Windows Kernel Privilege Escalation Vulnerability 7 Yes
CVE-2017-11770 Microsoft ASP.NET Core Denial Of Service Vulnerability 5.9  
CVE-2017-11788 Microsoft Windows Search Denial of Service Vulnerability 5.9  
CVE-2017-11830 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3  
CVE-2017-11883 Microsoft ASP.NET Core Request Handling Denial Of Service Vulnerability 5.3  
CVE-2017-11831 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11832 Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability 4.7  
CVE-2017-11835 Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability 4.7  
CVE-2017-11842 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11849 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7  
CVE-2017-11850 Microsoft Windows Graphics Component Information Disclosure Vulnerability 4.7
CVE-2017-11851 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11852 Microsoft Windows Graphics Component Information Disclosure Vulnerability 4.7
CVE-2017-11853 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11880 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11877 Microsoft Excel Security Feature Bypass Vulnerability 4.4
CVE-2017-8700 Microsoft ASP.NET Core Information Disclosure Vulnerability 4.3  
CVE-2017-11791 Microsoft Edge and Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3  
CVE-2017-11803 Microsoft Edge Information Disclosure Vulnerability 4.3  
CVE-2017-11833 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-11834 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11844 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-11848 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-11872 Microsoft Edge Security Feature Bypass Vulnerability 4.3
CVE-2017-11879 Microsoft ASP.NET Core URL Redirection Vulnerability 4.3
CVE-2017-11836 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11837 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11838 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11839 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11840 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11841 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11843 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11845 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-11846 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11854 Microsoft Word Memory Corruption Vulnerability 4.2
CVE-2017-11858 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11861 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11862 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11863 Microsoft Edge Security Feature Bypass Vulnerability 4.2
CVE-2017-11866 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11870 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11871 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11873 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11874 Microsoft Edge Security Feature Bypass Vulnerability 4.2
CVE-2017-11878 Microsoft Excel Memory Corruption Vulnerability 4.2
CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11768 Microsoft Windows Media Player Information Disclosure Vulnerability 2.5
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]