this week that they've released a preliminary fix for a vulnerability rated important, and present in all supported versions of Windows in circulation (basically any client or server version of Windows from 2008 onward). The flaw affects the Credential Security Support Provider (CredSSP) protocol, which is used in all instances of Windows' Remote Desktop Protocol (RDP) and Remote Management (WinRM). The vulnerability, CVE-2018-0886, could allow remote code execution via a physical or wifi-based Man-in-the-Middle attack, where the attacker steals session data, including local user credentials, during the CredSSP authentication process. Although Microsoft says the bug has not yet been exploited, it could cause serious damage if left unpatched. RDP is widely used in enterprise environments and an attacker who successfully exploits this bug could use it to gain a foothold from which to pivot and escalate. It's also popular with small businesses who outsource their IT administration and, needless to say, an attacker with an admin account has all the aces. Security researchers at Preempt say they discovered and disclosed this vulnerability to Microsoft last August, and Microsoft has been working since then to create the patch released this week. Now it's out there, it's a race against time to make sure you aren't an easy target for an attacker who wants to try and kick the tires on this vulnerability.
Obviously, patch as soon as possible and please follow Microsoft's guidance carefully: Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers. We recommend that administrators apply the policy and set it to "Force updated clients" or "Mitigated" on client and server computers as soon as possible. These changes will require a reboot of the affected systems. Pay close attention to Group Policy or registry settings pairs that result in "Blocked" interactions between clients and servers in the compatibility table later in this article. Both the "Force updated clients" and "Mitigated" settings prevent RDP clients from falling back to insecure versions of CredSSP. The "Force updated clients" setting will not allow services that use CredSSP to accept unpatched clients but "Mitigated" will.
Over a quarter of a million devices used with DVRs around the globe are susceptible to a new botnet its discoverers have dubbed Amnesia. Unit 42 researchers at Palo Alto Networks announced on Thursday their detection of a new variant of the IoT/Linux botnet Tsunami, which they are referring to as Amnesia. The Amnesia botnet looks for an unpatched remote code execution vulnerability affecting DVR (digital video recorder) appliances manufactured by China-based TVT Digital and identified in nearly identical products from more than 70 global vendors. Unit 42 is claiming that the flaw is impacting about 227,000 devices all over the planet, with Taiwan, the United States, Israel, Turkey, and India being the most susceptible. Further, the researchers believe this is the first Linux malware to adopt virtual machine evasion techniques to defeat malware analysis sandboxes. Not only that, should the code recognize it has reached into VirtualBox, VMware or a QEMU-based virtual machine, it will wipe the virtualized Linux system by deleting all the files in the file system, the post stated. "This affects not only Linux malware analysis sandboxes but also some QEMU based Linux servers on VPS or on public cloud," the researchers said. The power is in how the malware can exploit the remote code execution vulnerability to scan for, locate and attack vulnerable systems. Once connected, the malware enables the remote attackers to gain full control of the affected device. The researchers speculate that bad actors could potentially use the Amnesia botnet to launch wide-scale DDoS attacks on a scale previously seen in the fall of 2016 with the Mirai botnet. Apparently, no patches have yet been issued to address the flaw, the researchers said.
As to why a patch has yet to be issued to fix this year-old flaw, Ryan Olson, intelligence director of Unit 42 at Palo Alto Networks, told SC Media on Thursday that it's up to the manufacturer to create a patch. His team hasn't found any evidence they have released one. The vulnerable DVRs are typically connected to closed circuit TV (CCTV) equipment, which are often installed in offices and stores, Olson said. "The people operating these should limit access to those devices from the internet so they are not exposed to potential malicious actors." This, he added, is typically accomplished using a firewall that stops the traffic before it reaches the vulnerable device. The fact that the actors behind this malware are using VM-detection mechanisms in a Linux malware family indicates that they likely have prior experience creating malware, Olson explained. The good news is that no large-scale attacks have yet been launched using the Amnesia botnet, though judging by the harm from Mirai, the researchers at Palo Alto warned the damage large-scale IoT-based botnets could do is substantial. They recommended users have "the latest protections" installed and to block traffic to Amnesia's command-and-control server (listed in their post).
Researchers have discovered over 300 cybersquatting domains masquerading as real UK banking sites, many of which are designed to trick customers into handing over personal details. DomainTools used its PhishEye tool to search for domains registered by individuals to mimic those of Barclays, HSBC, Natwest, Lloyd's and Standard Chartered. It found a whopping 324 registered domains abusing the trademarks of these lenders, including lloydstbs[.]com, standardchartered-bank[.]com and barclaysbank-plc[.]co.uk. "Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains," explained DomainTools senior security researcher, Kyle Wilhoit. "While domain squatters of the past were mostly trying to profit from the domain itself, these days they're often sophisticated cyber-criminals using the spoofed domain names for more malicious endeavors." Cybersquatting can be used for a variety of ends, including redirecting the user to pay-per-click ads for the victim company's competitors; for-profit survey sites, or ransomware and other forms of drive-by malware. However, one of the most common is to create a phishing page similar to the spoofed bank's original, which will ask for log-ins or other banking and personal information. This year's Verizon Data Breach Investigations Report (DBIR) claimed phishing has soared in popularity, present in a fifth (21%) of attacks, up from just 8% last year. "Many [cybersquatters] will simply add a letter to a brand name, such as Domaintoools.com, while others will add letters or an entire word such as 'login' to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects when you are going from site to site," advised Wilhoit.
"Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants. It is better to lock down typo domains than to leave them available to someone else and at an average of £12 per year per domain, this is a relatively cheap insurance policy."
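One way a brand could run the registration monitoring Wilhoit recommends, as an added example that is not from the article or from DomainTools' PhishEye: the script below classifies each newly seen domain against a list of protected brand labels, flagging the two patterns he describes, a word or letters glued onto the brand (lloydstbs, standardchartered-bank, barclaysbank-plc) and a single added or changed letter (Domaintoools.com). The brand list, suffix list and sample feed are constructed for the example; the four flagged names in the feed are the ones quoted in the article.

```python
# Brands named in the article, longest first so the most specific match wins;
# "domaintools" is included because Wilhoit's own typo example is Domaintoools.com.
BRANDS = ("standardchartered", "domaintools", "barclays", "natwest", "lloyds", "hsbc")
# Constructed, deliberately short suffix list; use the Public Suffix List in production.
SUFFIXES = ("org.uk", "co.uk", "com", "net", "org", "uk")

def registrable_label(domain):
    """Label directly left of the public suffix, after refanging "[.]"."""
    d = domain.strip().lower().replace("[.]", ".").rstrip(".")
    for suf in sorted(SUFFIXES, key=len, reverse=True):
        if d.endswith("." + suf):
            d = d[: -len(suf) - 1]
            break
    return d.rsplit(".", 1)[-1]

def within_one_edit(a, b):
    """Exactly one insertion, deletion or substitution apart (a transposition counts as two)."""
    if len(a) > len(b):
        a, b = b, a                      # a is the shorter (or equal-length) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if len(a) == len(b):             # substitution: skip the char in both strings
            i += 1
        j += 1                           # insertion: skip the extra char in b only
    return edits + (len(b) - j) + (len(a) - i) == 1   # leftover tail chars are edits too

def classify(domain):
    """(technique, brand, detail) for a likely squat, else None. Subdomains are not examined."""
    label = registrable_label(domain)
    if label in BRANDS:
        return None                      # the brand's own label, assumed legitimate
    compact = label.replace("-", "")     # "standardchartered-bank" -> brand + "bank"
    for brand in BRANDS:
        if brand in compact:             # letters or a whole word glued onto the brand
            extra = compact.replace(brand, "", 1)
            return ("affix", brand, extra) if extra else ("hyphenated", brand, label)
    for brand in BRANDS:                 # "add a letter" case such as Domaintoools.com
        if within_one_edit(compact, brand):
            return ("typo", brand, compact)
    return None

# Constructed feed of new registrations; the first four names are the ones quoted in the article.
SAMPLE_FEED = ["lloydstbs[.]com", "standardchartered-bank[.]com", "barclaysbank-plc[.]co.uk", "Domaintoools.com", "www.hsbc.com", "weather-report.co.uk"]

def scan(feed):
    return [(d, hit) for d in feed if (hit := classify(d)) is not None]
```

Running `scan(SAMPLE_FEED)` flags the first four entries and leaves the bank's own label and the unrelated name alone; a short brand such as "hsbc" will produce more one-edit false positives than a long one, so review hits rather than acting on them automatically.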