EDX-Explorer

A massive attack is spreading globally by way of a vulnerability in Microsoft 's Server Message Block that was patched Vulnerability-related.PatchVulnerability in March . Ransomware is no longer just a nuisance . Now it 's quite literally a matter of life and death . A massive ransomware attack Attack.Ransom being labeled as `` WannaCry Attack.Ransom `` has been reported around the world and is responsible for shutting down hospitals in the United Kingdom and encrypting files at Spanish telecom firm Telefonica . The WannaCry attack Attack.Ransom is not a zero-day flaw , but rather is based on an exploit that Microsoft patched Vulnerability-related.PatchVulnerability with its MS17-010 advisory on March 14 in the SMB Server . However , Microsoft did not highlight Vulnerability-related.DiscoverVulnerability the SMB flaw until April 14 , when a hacker group known as the Shadow Brokers released Vulnerability-related.DiscoverVulnerability a set of exploits , allegedly stolen Attack.Databreach from the U.S.National Security Agency . SMB , or Server Message Block , is a critical protocol used by Windows to enable file and folder sharing . It 's also the protocol that today 's WannaCry attack Attack.Ransom is exploiting to rapidly spread from one host to the next around the world , literally at the speed of light . The attack is what is known as a worm , `` slithering '' from one host to the next on connected networks . Among the first large organizations to be impacted by WannaCry is The National Health Service in the UK , which has publicly confirmed that it was attacked Attack.Ransom by the Wan na Decryptor. `` This attack Attack.Ransom was not specifically targeted at the NHS and is affecting organisations from across a range of sectors , '' the NHS stated . `` At this stage we do not have any evidence that patient data has been accessed Attack.Databreach . '' Security firm Kaspersky Lab reported that by 2:30 p.m . ET May 12 it had already seen more than 45,000 WannaCry attacks Attack.Ransom in 74 countries . While the ransomware attack Attack.Ransom is making use of the SMB vulnerability to spread , the encryption of files is done by the Wanna Decryptor attack Attack.Ransom that seeks out all files on a victim 's network . Once the ransomware has completed encrypting files , victims are presented with a screen demanding a ransom Attack.Ransom . Initially , the ransom requested Attack.Ransom was reported to be $ 300 worth of Bitcoin , according to Kaspersky Lab . `` Many of your documents , photos , videos , databases and other files are no longer accessible because they have been encrypted , '' the ransom note states . `` Maybe you are busy looking for a way to recover your files , but do not waste your time . Nobody can recover your files without our decryption service . '' It 's not clear who the original source of the global WannaCry attacks Attack.Ransom is at this point , or even if it 's a single threat actor or multiple actors . What is clear is that despite the fact that a software patch has been available Vulnerability-related.PatchVulnerability since March for the SMB flaws , WannaCry is using tens of thousands of organizations that did n't patch Vulnerability-related.PatchVulnerability .

The bugs let hackers crash IoT devices , leak Attack.Databreach their information , and completely take them over . Researchers have found Vulnerability-related.DiscoverVulnerability that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities . The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems , leak Attack.Databreach information from the devices ’ memory , and take them over . And while patches have been issued Vulnerability-related.PatchVulnerability , researchers warn that it still may take time for smaller vendors to update Vulnerability-related.PatchVulnerability . Researcher Ori Karliner , with Zimperium ’ s zLabs team , recently analyzed some of the leading operating systems in the IoT market – including FreeRTOS , an open-source OS specifically designed for the microcontrollers that are within IoT devices . Within several versions of FreeRTOS , Karliner found Vulnerability-related.DiscoverVulnerability 13 vulnerabilities enabling an array of attacks , including remote code execution , information leak and denial-of-service bugs . “ During our research , we discovered Vulnerability-related.DiscoverVulnerability multiple vulnerabilities within FreeRTOS ’ s TCP/IP stack and in the AWS secure connectivity modules . The same vulnerabilities are present in Vulnerability-related.DiscoverVulnerability WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS , ” according to a Thursday post by zLabs . The vulnerabilities specifically exist in Vulnerability-related.DiscoverVulnerability FreeRTOS ’ s TCP/IP stack and in the AWS secure connectivity modules ( in as well as in the WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS ) . These vulnerabilities include four remote code execution bugs ( CVE-2018-16522 , CVE-2018-16525 , CVE-2018-16526 , and CVE-2018-16528 ) ; seven information leak vulnerabilities ( CVE-2018-16524 , CVE-2018-16527 , CVE-2018-16599 , CVE-2018-16600 , CVE-2018-16601 , CVE-2018-16602 , CVE-2018-16603 ) one denial of service flaw ( CVE-2018-16523 ) and a final ( CVE-2018-16598 ) that was unspecified . zLabs said Vulnerability-related.DiscoverVulnerability it has disclosed Vulnerability-related.DiscoverVulnerability the security issues to Amazon and collaborated with them to patch Vulnerability-related.PatchVulnerability the vulnerabilities . Those fixes were deployed Vulnerability-related.PatchVulnerability for AWS FreeRTOS versions 1.3.2 and onwards . The vulnerabilities in RTOS WHIS were also patched Vulnerability-related.PatchVulnerability . Amazon did not respond to a request for comment from Threatpost . Due to the amount of vendors impacted Vulnerability-related.DiscoverVulnerability by the bugs , the researchers said Vulnerability-related.DiscoverVulnerability that they would hold off on publishing Vulnerability-related.DiscoverVulnerability further details until all holes have been sealed Vulnerability-related.PatchVulnerability .

Adobe on Wednesday released Vulnerability-related.PatchVulnerability several unscheduled fixes for Flash Player , including a critical vulnerability that it said is being exploited Vulnerability-related.DiscoverVulnerability in the wild . The critical vulnerability , CVE-2018-15982 , is a use-after-free flaw enabling arbitrary code-execution in Flash . “ Adobe has released Vulnerability-related.PatchVulnerability security updates for Adobe Flash Player for Windows , macOS , Linux and Chrome OS , ” Adobe said in its release Vulnerability-related.PatchVulnerability . “ These updates address Vulnerability-related.PatchVulnerability one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer . Successful exploitation could lead to arbitrary code-execution and privilege-escalation in the context of the current user respectively. ” The flaw was discovered Vulnerability-related.DiscoverVulnerability by Chenming Xu and Ed Miles of Gigamon ATR . Researchers also outlined Vulnerability-related.DiscoverVulnerability the further technical details about the exploit of the vulnerability . Impacted Vulnerability-related.DiscoverVulnerability is Adobe Flash Player Desktop Runtime , Adobe Flash Player for Google Chrome ; Adobe Flash Player for Microsoft Edge and Internet Explorer 11 ; all for versions 31.0.0.153 and earlier . Adobe Flash Player Installer versions 31.0.0.108 and earlier is also affected Vulnerability-related.DiscoverVulnerability . Users of these impacted products can update Vulnerability-related.PatchVulnerability to version 32.0.0.101 , according to Adobe . Users of Adobe Flash Player Installer can update Vulnerability-related.PatchVulnerability to version 31.0.0.122 . Adobe also patched Vulnerability-related.PatchVulnerability an important-rated insecure library loading ( via DLL hijacking ) vulnerability , CVE-2018-15983 , that could lead to privilege escalation via Adobe Flash . This is only the latest exploit to hit Adobe Flash – earlier in June , a zero-day Flash vulnerability was is being exploited Vulnerability-related.DiscoverVulnerability in the wild in targeted attacks against Windows users in the Middle East , according to researchers . Adobe dealt with another zero-day Flash vulnerability back in February , which was exploited Vulnerability-related.DiscoverVulnerability by North Korean hackers .

Struts bugs , Umbrella misconfig and router Guest accounts fixed Vulnerability-related.PatchVulnerability . Cisco has issued security alerts Vulnerability-related.DiscoverVulnerability for 30 vulnerabilities across a range of its products and services , with three being ranked Vulnerability-related.DiscoverVulnerability as critical and remotely exploitable . Some 20 different Cisco products contain Vulnerability-related.DiscoverVulnerability a vulnerable version of the Apache Struts 2 framework that is currently under active exploitation by miscreants dropping cryptocurrency miner malware on exposed systems . Of these , 18 are not vulnerable Vulnerability-related.DiscoverVulnerability to any exploitation vectors for the Struts flaw , Cisco said Vulnerability-related.DiscoverVulnerability . Five Cisco products , SocialMiner , Identity Services Engine , Finesse , Unified Contact Centre Enterprise and the Video Distribution Suite for Internet Streaming have received Vulnerability-related.PatchVulnerability patches for the Struts vulnerability . Cisco 's cloud-hosted Network Performance Analysis service is yet to get Vulnerability-related.PatchVulnerability a Struts update though . A critical flaw in the application programming interface ( API ) for Cisco 's cloud-based Umbrella allowed attackers to view and potentially modify data across multiple organisations using the secure internet gateway service . The vulnerability stems from insufficient authentication configurations for the Umbrella API , and has been patched Vulnerability-related.PatchVulnerability by Cisco with no user action required . Two high-impact vulnerabilities in the Umbrella Enterprise Roaming Client and Enterprise Roaming Module that could be exploited Vulnerability-related.DiscoverVulnerability by attackers to elevate user privileges to Administrator level have also been patched Vulnerability-related.PatchVulnerability by Cisco . A third critical vulnerability can be exploited Vulnerability-related.DiscoverVulnerability to run code remotely on the Cisco RV110W VPN firewall and RV130W and RV215W wireless VPN routers , or freeze the devices in denial of service attacks . Patches for the vulnerability address Vulnerability-related.PatchVulnerability an improper boundary restriction on input via the Guest user account in the devices ' web-based remote management interface , Cisco said . Cisco also patched Vulnerability-related.PatchVulnerability three high impact vulnerabilities in the above network devices , which could be exploited Vulnerability-related.DiscoverVulnerability to remotely execute arbitrary commands and read sensitive information on them . Of the thirty vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability , 13 are ranked Vulnerability-related.DiscoverVulnerability as high impact .

Microsoft published earlier today the Patch Tuesday security bulletin for May 2018 , containing Vulnerability-related.PatchVulnerability fixes for 67 security issues . This month , Microsoft fixed Vulnerability-related.PatchVulnerability security flaws in Microsoft Windows , Internet Explorer , Microsoft Edge , ChakraCore , .NET Framework , Microsoft Exchange Server , Windows Host Compute Service Shim , and Microsoft Office and Microsoft Office Services and Web Apps . Microsoft patches Vulnerability-related.PatchVulnerability two zero-days The biggest issue patched Vulnerability-related.PatchVulnerability this month is a zero-day in Internet Explorer that has been abused by a cyber-espionage campaign earlier this month . The zero-day ( CVE-2018-8174 ) affects Vulnerability-related.DiscoverVulnerability not only IE but also any other projects that embed the IE web rendering engine . Microsoft credited researchers from both Qihoo 360 Core Security and Kaspersky Lab for discovering Vulnerability-related.DiscoverVulnerability this issue . The second zero-day is CVE-2018-8120 , an elevation-of-privilege vulnerability in the Win32k component . `` An attacker who successfully exploited Vulnerability-related.DiscoverVulnerability this vulnerability could run arbitrary code in kernel mode . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights , '' Microsoft says . But the flaw is not as dangerous as it sounds , as an attacker already needs a foothold on Windows systems to run his malicious code in the first place , to elevate his access rights . Microsoft also patched Vulnerability-related.PatchVulnerability CVE-2018-8141 ( Windows Kernel Information Disclosure Vulnerability ) and CVE-2018-8170 ( Windows Image Elevation of Privilege Vulnerability ) , for which exploitation details became public . Despite info about these two flaws being published Vulnerability-related.DiscoverVulnerability online , Microsoft says Vulnerability-related.DiscoverVulnerability none were exploited Vulnerability-related.DiscoverVulnerability in the wild . Flash fixes also included Last but not least , the Microsoft May 2018 Patch Tuesday also included a patch for an Adobe Flash Player vulnerability ( CVE-2018-4944 ) that Adobe patched Vulnerability-related.PatchVulnerability earlier today . Below is a table listing of all the security issues Microsoft fixed Vulnerability-related.PatchVulnerability this month . We used PowerShell and the Microsoft API to assemble the table below , but the report is much longer . We hosted the full report on GitHub , here .

As part of Microsoft 's monthly Patch Tuesday updates , a critical flaw in Windows has been patched Vulnerability-related.PatchVulnerability that is actively being exploited Vulnerability-related.DiscoverVulnerability . A vulnerability in the VBScript engine allowed for a zero-day exploit to infect machines by opening specially crafted scripts that can corrupt memory leading to the opportunity for arbitrary code execution . In a web-based attack , specially designed web pages could exploit the same vulnerability when using Internet Explorer . Embedding AcitveX controls that were marked `` safe for initialization '' inside of a Microsoft Office document also allowed for unsafe code to be executed since the IE rendering engine is used . One of the more interesting parts of the attack is that it does not matter what a user 's default browser is . When using VBScript , it is possible to force a web page to be loaded using Internet Explorer even if Chrome , FireFox , Safari , Opera or another browser is set to default . This particular vulnerability has been found Vulnerability-related.DiscoverVulnerability in use and affects Vulnerability-related.DiscoverVulnerability Windows 7 and Windows Server 2008 and newer . Kasperksy Lab has provided a fairly detailed analysis of how the exploit functions . In short , a statement from their security researchers says it all . `` We expect this vulnerability to become one of the most exploited in the near future , as it won ’ t be long until exploit kit authors start abusing it in both drive-by ( via browser ) and spear-phishing Attack.Phishing ( via document ) campaigns . '' In addition to the VBScript flaw discovered Vulnerability-related.DiscoverVulnerability and patched Vulnerability-related.PatchVulnerability , Microsoft has also patched Vulnerability-related.PatchVulnerability a privilege escalation vulnerability . A failure of the Win32k component allows for arbitrary code to be executed in kernel mode . This allows for a standard user account to obtain full system access , although it should be noted that a user must be logged in already to perform the exploit . In this case , both exploits have been patched Vulnerability-related.PatchVulnerability but that does not mean end users and administrators are going to patch Vulnerability-related.PatchVulnerability their systems in a timely manner . It is advised to manually check for updates to verify that all of the latest patches are installed . In total , 67 updates were issued Vulnerability-related.PatchVulnerability solving 21 critically rated vulnerabilities .

An exploit discovered Vulnerability-related.DiscoverVulnerability by a pair of security researchers allowed them to hack an iPhone X and access a photo that was supposedly deleted from the device . Apple was informed Vulnerability-related.DiscoverVulnerability of the security hole and a fix is on the way . As first reported Vulnerability-related.DiscoverVulnerability by Forbes , hackers Richard Zhu and Amat Cama teamed up and discovered Vulnerability-related.DiscoverVulnerability the hole that allowed access to deleted files on iOS devices running iOS 12 . This is due to a weakness in the current public version of the Safari browser . As per the Mobile Pwn2Own contest in Tokyo , Apple has been informed and the hackers were able to walk away with $ 50,000 . The hack in question would be able to retrieve more than just photos . The vulnerablitiy is found Vulnerability-related.DiscoverVulnerability in a just-in-time compiler . These are programs that translate code while a computer rather than before . And because it ’ s software , it ’ s bound to have some vulnerabilities . Software vulnerabilities are a common occurrence due to its complex nature . While developers can continue fixing Vulnerability-related.PatchVulnerability bugs , there ’ s no guarantee new holes won’t emerge Vulnerability-related.DiscoverVulnerability . The hackers were able to exploit the JIT compiler with a malicious Wi-Fi access point . However , Apple isn ’ t the only company at fault here . The pair of hackers were able to use the same exploits on Android devices including the Samsung Galaxy S9 and the Xiaomi Mi6 . The pair earned the “ Master of Pwn ” title for discovering Vulnerability-related.DiscoverVulnerability the iPhone vulnerability along with several other exploits showcased during the event . Apple should have this exploit patched Vulnerability-related.PatchVulnerability within the next few weeks . The company will likely patch Vulnerability-related.PatchVulnerability this in the next beta version of iOS 12.1.1 .

Apple has issued Vulnerability-related.PatchVulnerability an update to fix Vulnerability-related.PatchVulnerability a number of issues in macOS Mojave leading to arbitrary code execution , the ability to read restricted memory and access local users Apple IDs among others . All were patched Vulnerability-related.PatchVulnerability with the release of macOS Mojave 10.14 on Sept 24. applePatchapplePatch The first issue , CVE-2018-5383 , impacted Vulnerability-related.DiscoverVulnerability a number of iMac , MacBook Air , Mac Pro and Mac mini server products . An input validation issue existed in Vulnerability-related.DiscoverVulnerability Bluetooth was fixed Vulnerability-related.PatchVulnerability that could have allowed an attacker in a privileged network position to intercept Bluetooth traffic . The App Store also patched Vulnerability-related.PatchVulnerability CVE-2018-4324 , an issue in the handling of Apple ID that could have been exploited Vulnerability-related.DiscoverVulnerability by a malicious application that would expose the Apple ID of the computer ’ s owner . Also , a validation issue that could expose Apple IDs was in Auto Unlock that was patched Vulnerability-related.PatchVulnerability with improved validation of the process entitlement . CVE-2018-4353 impacted Vulnerability-related.DiscoverVulnerability the application firewall where a sandboxed process may be able to circumvent sandbox restrictions , but this was addressed Vulnerability-related.PatchVulnerability by adding additional restrictions . In Crash Reporter a validation issue , CVE-2018-4333 , was addressed Vulnerability-related.PatchVulnerability that if exploited Vulnerability-related.DiscoverVulnerability would allow a malicious application to read restricted memory . Two Kernel problems were fixed Vulnerability-related.PatchVulnerability , CVE-2018-4336 and CVE-2018-4344 , that could let an application may be able to execute arbitrary code with kernel privileges . The final problem , CVE-2016-1777 , effected Security where an attacker could exploit a weaknesses in the RC4 cryptographic algorithm and was fixed Vulnerability-related.PatchVulnerability by removing RC4 .

Adobe 's scheduled October update for its Acrobat and Reader PDF software addresses Vulnerability-related.PatchVulnerability 85 vulnerabilities , including dozens of critical flaws that allow arbitrary code execution . The patches also address Vulnerability-related.PatchVulnerability multiple privilege-escalation and information-disclosure flaws , shoring up Adobe 's PDF software further following a patch for a critical Acrobat and Reader flaw plugged Vulnerability-related.PatchVulnerability two weeks ago . The bugs affect Vulnerability-related.DiscoverVulnerability Acrobat DC and Reader versions 2018.011.20063 and earlier from Adobe 's continuous track , Acrobat 2017 and Acrobat Reader 2017 2017.011.30102 , and Acrobat DC and Reader DC versions 2015.006.30452 and earlier from Adobe 's classic 2015 track . The flaws affect Vulnerability-related.DiscoverVulnerability the software running on Windows and macOS systems . This update Vulnerability-related.PatchVulnerability is the largest set of fixes Adobe 's PDF software since it swatted Vulnerability-related.PatchVulnerability 105 vulnerabilities in July . However , fortunately the company says it is not currently aware Vulnerability-related.DiscoverVulnerability of any exploits in the wild for bugs fixed Vulnerability-related.PatchVulnerability in this update Vulnerability-related.PatchVulnerability . Users and admins nonetheless should install fixed versions , according to Adobe , because if an attacker developed an exploit it could lead to arbitrary code execution in the context of the current user because the software is sandboxed . Since PDFs are still widely used in the enterprise , hackers continue to develop new techniques to break the sandbox by combining PDF attacks with operating system flaws . This happened earlier this year , prompting a warning Vulnerability-related.DiscoverVulnerability from Adobe in May after it was informed Vulnerability-related.DiscoverVulnerability by researchers at ESET and Microsoft that they 'd discovered Vulnerability-related.DiscoverVulnerability a malicious PDF using a zero-day remote code execution flaw in Reader with a sandbox-busting Windows privilege escalation flaw . Adobe credits researchers from Qihoo 360 , Cisco Talos , Beihang University , Palo Alto Networks , and Check Point for reporting Vulnerability-related.DiscoverVulnerability flaws patched Vulnerability-related.PatchVulnerability in the October update . Check Point researcher Omri Herscovici was responsible for reporting Vulnerability-related.DiscoverVulnerability 35 of this month 's bugs , all of which were information disclosure flaws .

Adobe has patched Vulnerability-related.PatchVulnerability 87 vulnerabilities for Acrobat and Reader in its December Patch Tuesday update , including a slew of critical flaws that would allow arbitrary code-execution . The scheduled update comes less than a week after Adobe released Vulnerability-related.PatchVulnerability several out-of-band fixes for Flash Player , including a critical vulnerability ( CVE-2018-15982 ) that it said is being exploited Vulnerability-related.DiscoverVulnerability in the wild . That ’ s a use-after-free flaw enabling arbitrary code-execution in Flash . The addressed critical vulnerabilities are myriad this month . The arbitrary code-execution problems include : two buffer errors ; two untrusted pointer dereference glitches ; three heap-overflow issues , five out-of-bounds write flaws , 24 use-after-free bugs . Adobe also patched Vulnerability-related.PatchVulnerability three other critical-rated issues that could lead to privilege escalation ; these are all security bypass problems . In addition to the critical bugs , Adobe also patched Vulnerability-related.PatchVulnerability 43 out-of-bounds read flaws , four integer overflow problems and two security bypass issues , all of which could allow information disclosure . Adobe has characterized all of the flaws , both critical and important , as “ priority two ” for patching Vulnerability-related.PatchVulnerability , which means that the software giant deems them to be unlikely to be imminently exploited Vulnerability-related.DiscoverVulnerability in the wild , but patching Vulnerability-related.PatchVulnerability within 30 days is recommended . The flaws are far-reaching and affect Vulnerability-related.DiscoverVulnerability various implementations of Acrobat DC , Acrobat Reader DC , Acrobat 2017 and Acrobat Reader 2017 for macOS and Windows , in classic 2015 , classic 2017 and continuous-track versions . All can be mitigated by updating Vulnerability-related.PatchVulnerability to the most current versions of the software .

This week , Adobe released Vulnerability-related.PatchVulnerability its monthly scheduled update bundle addressing Vulnerability-related.PatchVulnerability vulnerabilities within its different products . The Adobe patch Tuesday November updates allegedly fixed Vulnerability-related.PatchVulnerability numerous vulnerabilities leading to information disclosure . These vulnerabilities existed in Vulnerability-related.DiscoverVulnerability Adobe Acrobat/Reader , Flash Player , and Photoshop CC . The recently released Adobe Patch Tuesday November updates addressed Vulnerability-related.PatchVulnerability three different vulnerabilities – all resulting in information disclosure . The first one existed in Vulnerability-related.DiscoverVulnerability the Adobe Photoshop CC affecting Vulnerability-related.DiscoverVulnerability versions 19.1.6 and prior for both Windows and MacOS . As described in the security advisory , Adobe has fixed Vulnerability-related.PatchVulnerability this important Out-of-bounds read vulnerability ( CVE-2018-15980 ) in the Photoshop CC versions 19.1.7 and 20.0 . The second information disclosure flaw affected Vulnerability-related.DiscoverVulnerability Adobe Reader and Acrobat for Windows . Explaining about the flaw in their advisory , Adobe stated , “ Successful exploitation could lead to an inadvertent leak of the user ’ s hashed NTLM password. ” The vulnerability initially received the CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-4993 , when Check Point Research first reported Vulnerability-related.DiscoverVulnerability the bug . However , as recently disclosed Vulnerability-related.DiscoverVulnerability by the EdgeSpot , Adobe only patched Vulnerability-related.PatchVulnerability a single variant of this bug . Whereas , the EdgeSpot team discovered Vulnerability-related.DiscoverVulnerability other variants that hinted towards a failed patching Vulnerability-related.PatchVulnerability of the bug instead of a new vulnerability . The patched vulnerability has now received CVE Vulnerability-related.DiscoverVulnerability number CVE-2018-15979 “ to reflect that the patch is available Vulnerability-related.PatchVulnerability ” . The third vulnerability addressed Vulnerability-related.PatchVulnerability this month is an out-of-bounds Read vulnerability ( CVE-2018-15978 ) in the Adobe Flash Player . The affected versions include 31.0.0.122 and earlier for Windows , Linux , and MacOS . Unlike previous months , the Adobe Patch Tuesday November update bundle addressed Vulnerability-related.PatchVulnerability fewer bugs . Moreover , none of the patched vulnerabilities had a critical severity impact . In October , Adobe patched Vulnerability-related.PatchVulnerability 86 different vulnerabilities including 47 critical ones . Whereas , in September , they addressed Vulnerability-related.PatchVulnerability 6 critical flaws . Adobe has fixed Vulnerability-related.PatchVulnerability the bugs CVE-2018-15980 and CVE-2018-15978 in Adobe Photoshop CC versions 19.1.7 and 20.0 and Adobe Flash Player version 31.0.0.148 , respectively . Whereas , CVE-2018-15979 has received Vulnerability-related.PatchVulnerability a patch in Adobe Acrobat DC and Reader DC version 2019.008.20081 , Acrobat 2017 and Acrobat Reader DC 2017 version 2017.011.30106 , and Acrobat DC and Acrobat Reader DC ( Classic 2015 ) version 2015.006.30457 . For protection against the three important vulnerabilities addressed Vulnerability-related.PatchVulnerability in November updates , users should make sure to upgrade Vulnerability-related.PatchVulnerability their software to the patched versions at the earliest convenience .

A serious vulnerability in a widely used , and widely forked , jQuery file upload plugin may have been exploited Vulnerability-related.DiscoverVulnerability for years by hackers to seize control of websites – and is only now patched Vulnerability-related.PatchVulnerability . Larry Cashdollar , a bug-hunter at Akamai , explained Vulnerability-related.DiscoverVulnerability late last week how the security shortcoming , designated Vulnerability-related.DiscoverVulnerability CVE-2018-9206 , allows a miscreant to upload and execute arbitrary code as root on a website that uses the vulnerable code with the Apache web server . This would potentially allow an attacker to , among other things , upload and run a webshell to execute commands on the target machine to steal Attack.Databreach data , change files , distribute malware , and so on . Cashdollar – real name , he swears – was able to track Vulnerability-related.DiscoverVulnerability the flaw down to Sebastian Tschan 's open-source jQuery File Upload tool , and got the developer to fix Vulnerability-related.PatchVulnerability it in version 9.22.1 . The flaw stems from a change to the Apache web server , from version 2.3.9 and onwards , that disabled support for .htaccess security configuration files , which left projects like jQuery File Upload open to exploitation . Additionally , Cashdollar noted Vulnerability-related.DiscoverVulnerability , it is almost certain he was not the first person to come across Vulnerability-related.DiscoverVulnerability this simple vulnerability . Demonstration videos on YouTube suggest similar flaws are known Vulnerability-related.DiscoverVulnerability to miscreants , and have been targeted in some circles for years . `` The internet relies on many security controls every day in order to keep our systems , data , and transactions safe and secure , '' Cashdollar said . `` If one of these controls suddenly does n't exist it may put security at risk unknowingly to the users and software developers relying on them . '' So , it 's believed hackers have been quietly exploiting the bug for several years as the flaw itself is fairly trivial and also eight years old . Now that details of the vulnerability are public Vulnerability-related.DiscoverVulnerability , exploit code has been produced , for example , here , and may be handy if you wish to test whether or not your website is vulnerable Vulnerability-related.DiscoverVulnerability to CVE-2018-9206 . In any case , loads of people now know about it , so that means more miscreants menacing and hijacking vulnerable websites .

Last month , Microsoft Patch Tuesday addressed Vulnerability-related.PatchVulnerability 60 vulnerabilities that also included two zero-day flaws . This month also , the tech giant released Vulnerability-related.PatchVulnerability a huge patch update to mitigate Vulnerability-related.PatchVulnerability various flaws in its products . The Microsoft September patch fixed Vulnerability-related.PatchVulnerability around 61 different vulnerabilities . The patch bundle also included a fix for the recently discovered APLC zero-day vulnerability that has already created trouble . Recently , a zero-day vulnerability disclosed Vulnerability-related.DiscoverVulnerability on Twitter has created a lot of chaos as it was immediately exploited Vulnerability-related.DiscoverVulnerability in a malware campaign . The APLC zero-day flaw gained attention after a Twitter user with the alias SandboxEscaper disclosed Vulnerability-related.DiscoverVulnerability it in a tweet . Later , a CERT/CC researcher verified Vulnerability-related.DiscoverVulnerability the bug . This vulnerability in the Windows Task Scheduler allowed an attacker to gain System-level access . As promised at that time by the firm , the Microsoft September patch has addressed Vulnerability-related.PatchVulnerability this Advanced Local Procedure Call ( ALPC ) flaw . As disclosed Vulnerability-related.DiscoverVulnerability in their advisory , Microsoft acknowledged Vulnerability-related.DiscoverVulnerability the exploitation of this vulnerability ( CVE-2018-8440 ) . Explaining the details about the bug and the patch released Vulnerability-related.PatchVulnerability , Microsoft states , “ To exploit this vulnerability , an attacker would first have to log on to the system . An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system . The update addresses Vulnerability-related.PatchVulnerability the vulnerability by correcting how Windows handles calls to ALPC. ” Besides the single APLC zero-day flaw , Microsoft also patched Vulnerability-related.PatchVulnerability 61 other flaws in various products , including 17 critical vulnerabilities . The affected software receiving Vulnerability-related.PatchVulnerability the bug fixes include Microsoft Windows , Microsoft Edge , ChakraCore , Microsoft Office and Web Apps , Microsoft.Data.OData , Internet Explorer , ASP.NET and the .NET Framework . In addition , the Microsoft September patch also addressed Vulnerability-related.PatchVulnerability a flaw in the Adobe Flash Player ( CVE-2018-15967 ) . Although Adobe also released Vulnerability-related.PatchVulnerability a fix for this vulnerability along with other fixes released Vulnerability-related.PatchVulnerability this week in the September Update pack .

Adobe has patched Vulnerability-related.PatchVulnerability a number of security vulnerabilities on the last scheduled monthly update of this year . All these patches specifically addressed Vulnerability-related.PatchVulnerability bugs in Adobe Reader and Acrobat . Allegedly , Adobe December Patch Tuesday Update fixed Vulnerability-related.PatchVulnerability as much as 86 different vulnerabilities , including 38 critical security flaws . This week , Adobe rolled out Vulnerability-related.PatchVulnerability the last scheduled monthly updates for its products . While the previous month ’ s update included bug fixes in Flash Player , the Adobe December Patch Tuesday update bundle remained focused on Adobe Reader and Acrobat . As much as 38 different critical security bugs received Vulnerability-related.PatchVulnerability patches with this update . The vulnerabilities include 2 buffer errors , 2 Untrusted pointer dereference vulnerabilities , 5 out-of-bounds write vulnerabilities , 3 heap overflow bugs , and 23 use after free vulnerabilities . All these vulnerabilities could allegedly lead to arbitrary code execution by a potential attacker . In addition , 3 security bypass vulnerabilities also received Vulnerability-related.PatchVulnerability fixes with this update . These flaws could allow privilege escalation on the targeted systems . In addition to the above , Adobe also released Vulnerability-related.PatchVulnerability fixes for 48 important security vulnerabilities . These include , 43 out-of-bounds read vulnerabilities , 4 integer overflow bugs , and a single security bypass bug . All these could allegedly result in information disclosure . As stated in Adobe ’ s advisory , the affected software include the following for Windows , Acrobat DC and Acrobat Reader DC ( continuous track ) versions 2019.008.20081 and earlier , Adobe Acrobat 2017 and Acrobat Reader 2017 ( Classic 2017 track ) versions 2017.011.30106 and earlier , Acrobat DC and Acrobat Reader DC ( Classic 2015 track ) versions 2015.006.30457 and earlier . Whereas , in the case of MacOS , the affected programs include , Acrobat DC and Acrobat Reader DC ( continuous track ) versions including and prior to 2019.008.20080 , Adobe Acrobat 2017 and Acrobat Reader 2017 ( track Classic 2017 ) versions 2017.011.30105 and above , Acrobat DC and Acrobat Reader DC ( track Classic 2015 ) versions 2015.006.30456 and above . Adobe has patched Vulnerability-related.PatchVulnerability all 86 vulnerabilities in the recently released versions of the respective software . The patched versions include Acrobat DC and Acrobat Reader DC versions 2019.010.20064 ( continuous track ) , Acrobat 2017 and Acrobat Reader DC 2017 ( Classic 2017 ) version 2017.011.30110 , and Acrobat DC and Acrobat Reader DC ( track Classic 2015 ) version 2015.006.30461 . Users of both Windows and MacOS should , therefore , ensure updating Vulnerability-related.PatchVulnerability their systems and download the latest versions of the affected software to stay protected from these vulnerabilities . This month ’ s scheduled update bundle did not address Vulnerability-related.PatchVulnerability any security flaws in Flash Player . Nonetheless , lately , Adobe already patched Vulnerability-related.PatchVulnerability a critical Flash vulnerability already disclosed Vulnerability-related.DiscoverVulnerability to the public .

Adobe has resolved Vulnerability-related.PatchVulnerability 11 security flaws in this month 's patch update on the heels of a far larger security round last month in which over a hundred bugs were squashed Vulnerability-related.PatchVulnerability . The patch release impacts Vulnerability-related.PatchVulnerability Adobe Flash , Acrobat and Reader , Experience Manager , and Creative Cloud . Two of the vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability in the release are described Vulnerability-related.DiscoverVulnerability as critical and affect Vulnerability-related.DiscoverVulnerability Acrobat and Reader . In July , Adobe issued Vulnerability-related.PatchVulnerability a security update which patched Vulnerability-related.PatchVulnerability a total of 112 vulnerabilities . The majority of bugs were uncovered Vulnerability-related.DiscoverVulnerability in Adobe Acrobat , but a critical code execution flaw was also resolved Vulnerability-related.PatchVulnerability in Adobe Flash . The critical bugs in this release impact Vulnerability-related.DiscoverVulnerability Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . The tech giant says Vulnerability-related.DiscoverVulnerability that exploitation of the security flaws , an out of bounds write issue ( CVE-2018-12808 ) and an untrusted pointer dereference problem ( CVE-2018-12799 ) can lead to arbitrary code execution . The vulnerabilities resolved Vulnerability-related.PatchVulnerability include five bugs in Adobe Flash . An out of bounds read flaw ( CVE-2018-12824 ) , a security bypass error ( CVE-2018-12825 ) , two information disclosure vulnerabilities ( CVE-2018-12826 , CVE-2018-12827 ) , and a privilege escalation flaw ( CVE-2018-12828 ) have all been patched Vulnerability-related.PatchVulnerability . A reflected cross-site scripting flaw ( CVE-2018-12806 ) , input validation bypass ( CVE-2018-12807 ) , and cross-site scripting ( XSS ) bug ( CVE-2018-5005 ) have been patched Vulnerability-related.PatchVulnerability in Adobe Experience Manager versions 6.0 -- 6.4 on all platforms . If exploited Vulnerability-related.DiscoverVulnerability , the security flaws can facilitate sensitive information disclosure and data modification . In addition , a single bug in Adobe Creative Cloud Desktop affecting Vulnerability-related.DiscoverVulnerability versions 4.5.0.324 and earlier versions on Windows systems has been resolved Vulnerability-related.PatchVulnerability . The DLL hijacking vulnerability ( CVE-2018-5003 ) can be exploited Vulnerability-related.DiscoverVulnerability in order for an attacker to escalate privileges on an account . Adobe recommends that users update their software as quickly as possible . Researchers from Trend Micro 's Zero Day Initiative , Palo Alto Networks , Google Project Zero , TenCent , and Cognizant Technology Solutions , among others , were thanked for reporting Vulnerability-related.DiscoverVulnerability the bugs . On Tuesday , Microsoft 's latest round of patches tackled Vulnerability-related.PatchVulnerability a total of 60 vulnerabilities , 19 of which were deemed critical . Two severe security flaws resolved Vulnerability-related.PatchVulnerability in the update are zero-day vulnerabilities which are being actively exploited Vulnerability-related.DiscoverVulnerability in the wild .

Tenable was behind one software update to fix Vulnerability-related.PatchVulnerability security flaws that ’ s circulating Vulnerability-related.PatchVulnerability this week . The research arm of the Columbia-based cybersecurity company discovered Vulnerability-related.DiscoverVulnerability a vulnerability in Zoom ’ s conferencing platform that would allow attackers to take control of a user ’ s desktop remotely during a meeting . After being alerted , Tenable said that Zoom quickly updated Vulnerability-related.PatchVulnerability the software . According to Tenable , the security flaw , if exploited Vulnerability-related.DiscoverVulnerability , would allow attackers to do the following : Hijack control of a screen , allowing them to download and execute malware . Impersonate others in the meeting through chat messages . Kick out other attendees of the meeting . A blog post from the company states the vulnerability was discovered Vulnerability-related.DiscoverVulnerability by Tenable ’ s David Wells . “ This impacts both one-on-one ( P2P ) meetings as well as group meetings streamed through Zoom servers , ” the blog post states , adding that the vulnerability could also be exploited Vulnerability-related.DiscoverVulnerability over Wide Area Network ( WAN ) . The vulnerability could ’ ve put 750,000 companies that use Zoom at risk . To fix Vulnerability-related.PatchVulnerability the vulnerability , Zoom patched Vulnerability-related.PatchVulnerability servers and released Vulnerability-related.PatchVulnerability new versions of the software . The company is urging users to ensure their software is up-to-date . This vulnerability is the perfect example of the cyber attack surface that is expanded by seemingly innocuous services , like Zoom , ” Tenable CTO Renaud Deraison said in a statement .

It ’ s a new month which means another security patch from Google has been released Vulnerability-related.PatchVulnerability and it ’ s currently rolling out Vulnerability-related.PatchVulnerability to Pixel and select Nexus devices . The September 5 , 2018 patch includes fixes for almost 60 vulnerabilities that were found Vulnerability-related.DiscoverVulnerability in the AOSP repository . The update also includes in-car Bluetooth performance improvements for Pixel devices . Google resolved Vulnerability-related.PatchVulnerability 24 problems on September 1 , 2018 , and patched Vulnerability-related.PatchVulnerability an additional 35 on September 5 , 2018 . Before the patch , a remote attacker could execute arbitrary code using a “ specially crafted file … within the context of a privileged process. ” Fortunately , just like with most issues that ’ re fixed Vulnerability-related.PatchVulnerability through security patches , Google states that it has not received a single report of an attacker using this vulnerability to harm a customer . In addition to the security fixes , Google has listed some of the improvements this update brings to its handsets : Improve battery charge in Retail Mode ( Pixel 2 , Pixel 2 XL ) Improve SW Version reporting ( Pixel , Pixel XL , Pixel 2 , Pixel 2 XL ) Improve audio quality over car speakers ( Pixel , Pixel XL , Pixel 2 , Pixel 2 XL ) If you don ’ t want to wait for the September security patch to make its way to your phone , you can download the latest factory image or OTA file from the links below . From there , you can either flash a fresh build to your phone or sideload the OTA update . And in usual Essential fashion , the company has begun rolling out Vulnerability-related.PatchVulnerability the September security patch to the Essential Phone within hours of it becoming available for Google ’ s hardware . On top of the fixed vulnerabilities , Essential states that the update includes various audio and accessibility fixes .

Yesterday , Oracle released Vulnerability-related.PatchVulnerability its quarterly critical patch update ( CPU ) for Q3 2018 , the October edition , during which the company fixed Vulnerability-related.PatchVulnerability 301 vulnerabilities . Of the 301 flaws , 45 had a severity rating of 9.8 ( on a scale of 10 ) and one even received the maximum 10 rating . Vulnerabilities that receive this severity ratings this high can be exploited Vulnerability-related.DiscoverVulnerability remotely , with no authentication , and the exploit chain is accessible even to low-skilled attackers , even to those with no in-depth technical knowledge . Oracle 's security team will publish more information about each vulnerability in the coming days . This will give companies more time to update Vulnerability-related.PatchVulnerability affected applications before details about each flaw are generally available Vulnerability-related.PatchVulnerability to everyone , including the bad guys . For now , little information is known , but the vulnerability that received the 10.0 rating impacts Vulnerability-related.DiscoverVulnerability Oracle GoldenGate , a data replication framework that can work with large quantities of information in real-time . This issue doesn't impact Vulnerability-related.DiscoverVulnerability standalone GoldenGate installations , but also the numerous other Oracle product setups where GoldenGate can be deployed as an add-in option , such as the Oracle Database Server , DB2 , MySQL , Sybase , Terradata , and others . As for vulnerabilities rated 9.8 on the severity scale , these were reported affecting Vulnerability-related.DiscoverVulnerability products such as the Oracle Database Server , Oracle Communications , the Oracle Construction and Engineering Suite , the Oracle Enterprise Manager Products Suite , Oracle Fusion Middleware , Oracle Insurance Applications , Oracle JD Edwards , MySQL , Oracle Retail , the Oracle Siebel CRM , and the Oracle Sun Systems Products Suite . Despite the staggering number of patched flaws -- 301 -- , this is n't Oracle 's biggest recorded CPU . That title goes to July 2018 's CPU , which addressed Vulnerability-related.PatchVulnerability 334 vulnerabilities , 55 of which had a 9.8 severity rating . This was also Oracle 's last CPU for 2018 . According to the folks at ERPScan , in 2018 , Oracle patched Vulnerability-related.PatchVulnerability 1119 vulnerabilities , the same number of flaws it patched Vulnerability-related.PatchVulnerability last year in 2017 .

For the second time in roughly a year , D-Link has failed to act on warnings Vulnerability-related.DiscoverVulnerability from security researchers involving the company ’ s routers . The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted Vulnerability-related.DiscoverVulnerability D-Link last May about three vulnerabilities affecting Vulnerability-related.DiscoverVulnerability eight router models . Following the warning Vulnerability-related.DiscoverVulnerability , D-Link patched Vulnerability-related.PatchVulnerability two of the affected routers , but did not initially reveal Vulnerability-related.DiscoverVulnerability how it would proceed for the remaining six models . After further prompting Vulnerability-related.DiscoverVulnerability from Adamczyk , D-Link revealed Vulnerability-related.DiscoverVulnerability that the remaining six routers would not get Vulnerability-related.PatchVulnerability a security patch because they were considered end-of-life models , leaving affected owners out in the cold . “ The D-Link models affected Vulnerability-related.DiscoverVulnerability are the DWR-116 , DWR-140L , DWR-512 , DWR-640L , DWR-712 , DWR-912 , DWR-921 , and DWR-111 , six of which date from 2013 , with the DIR-640L first appearing Vulnerability-related.DiscoverVulnerability in 2012 and the DWR-111 in 2014 , ” Naked Security reported . Though these are not current models in D-Link ’ s portfolio , many of the listed models are still likely to be in use . As a result of this impasse , Adamczyk released details Vulnerability-related.DiscoverVulnerability about the security flaws , following responsible security protocols after giving D-Link notice and the opportunity to address Vulnerability-related.PatchVulnerability the issues . Of significance is that this is the second time in about a year that D-Link has failed to address Vulnerability-related.PatchVulnerability security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its products after being notified Vulnerability-related.DiscoverVulnerability by researchers . The security researcher noted Vulnerability-related.DiscoverVulnerability that the new flaw arose Vulnerability-related.DiscoverVulnerability after D-Link reported that it had fixed Vulnerability-related.PatchVulnerability a prior security flaw . Also known as “ directory traversal ” or “ dot dot slash ” attacks , these flaws allow a malicious attacker to gain access to system files with a simple HTTP request . Despite D-Link ’ s spotty history with supporting older router models , the manufacturer is not alone in leaving routers unpatched Vulnerability-related.PatchVulnerability . The American Consumer Institute reported Vulnerability-related.DiscoverVulnerability that of the 186 routers it had tested , 155 contained Vulnerability-related.DiscoverVulnerability firmware vulnerabilities . In total , ACI discovered Vulnerability-related.DiscoverVulnerability more than 32,000 known vulnerabilities in its study . “ Our analysis shows that , on average , routers contained Vulnerability-related.DiscoverVulnerability 12 critical vulnerabilities and 36 high-risk vulnerabilities , across the entire sample , ” ACI noted in its report . “ The most common vulnerabilities were medium-risk , with an average of 103 vulnerabilities per router. ” For shoppers who are in the market for a new router , it ’ s probably best to also check with the manufacturer to see what the supported lifespan of the router is . If the router is nearing its end of life , as in the case illustrated here , you may not get Vulnerability-related.PatchVulnerability patches , regardless of how serious a security vulnerability may be . If you have an older router , you may want to consider checking out our guide for the best router options before you decide to upgrade .

Oracle released Vulnerability-related.PatchVulnerability its latest Critical Patch Update on July 18 , fixing Vulnerability-related.PatchVulnerability 334 vulnerabilities across the company 's product portfolio . The company rated 61 of the vulnerabilities as having critical impact . Among the products patched Vulnerability-related.PatchVulnerability by Oracle are Oracle Database Server , Oracle Global Lifecycle Management , Oracle Fusion Middleware , Oracle E-Business Suite , Oracle PeopleSoft , Oracle Siebel CRM , Oracle Industry Applications , Oracle Java SE , Oracle Virtualization , Oracle MySQL and Oracle Sun Systems Products Suite . While there are issues of varying severity in the update , Oracle is blaming third-party components as being the cause of the majority of the critical issues . `` It is fair to note that bugs in third-party components make up a disproportionate amount of severe vulnerabilities in this Critical Patch Update , '' Eric Maurice , director of security assurance at Oracle , wrote in a blog post . `` 90 percent of the critical vulnerabilities addressed Vulnerability-related.PatchVulnerability in this Critical Patch Update are for non-Oracle CVEs . '' Of the 334 issues fixed Vulnerability-related.PatchVulnerability in the July Critical Patch Update , 37 percent were for third-party components included in Oracle product distributions . While many flaws were from third-party libraries , there were also flaws in Oracle 's own development efforts . Oracle 's namesake database was patched Vulnerability-related.PatchVulnerability for three issues , one of which is remotely exploitable without user authentication . Oracle 's Financial Services application received Vulnerability-related.PatchVulnerability the highest total number of patches at 56 , with 21 identified as being remotely exploitable without user authentication . Oracle 's Fusion Middleware , on the other hand , got Vulnerability-related.PatchVulnerability 44 new security fixes , with 38 of them rated as being critical . Oracle Enterprise Manager Products were patched Vulnerability-related.PatchVulnerability for 16 issues , all of which are remotely exploitable without authentication . Looking at flaws in Java , Oracle 's July CPU provides Vulnerability-related.PatchVulnerability eight security fixes , though organizations likely need to be cautious when applying Vulnerability-related.PatchVulnerability the patches , as certain functionality has been removed . `` Several actions taken to fix Vulnerability-related.PatchVulnerability Java SE vulnerabilities in the July CPU are likely to break the functionality of certain applications , '' security firm Waratek warned in an advisory . `` Application owners who apply Vulnerability-related.PatchVulnerability binary patches should be extremely cautious and thoroughly test their applications before putting Vulnerability-related.PatchVulnerability patches into production . '' The reason why the Oracle fixes could break application functionality is because Oracle has decided to remove multiple vulnerable components from its Java Development Kit ( JDK ) . At 334 fixed flaws , the July update is larger than last Critical Patch Update released Vulnerability-related.PatchVulnerability on Jan 15 , which provided Vulnerability-related.PatchVulnerability patches for 237 flaws . While the number of patches issues has grown , Matias Mevied , Oracle security researcher at Onapsis , commented that Oracle is working in the right way , fixing Vulnerability-related.PatchVulnerability the reported vulnerabilities and is getting faster every year . `` Unfortunately , based in our experience , the missing part is that the companies still do n't implement the patches as soon as they should be , '' Mevied told eWEEK .

CIsco has issued Vulnerability-related.PatchVulnerability a critical patch of a patch for a Cisco Prime License Manager SQL fix . Cisco this week said it patched Vulnerability-related.PatchVulnerability a “ critical ” patch for its Prime License Manager ( PLM ) software that would let attackers execute random SQL queries . The Cisco Prime License Manager offers enterprise-wide management of user-based licensing , including license fulfillment . Released Vulnerability-related.PatchVulnerability in November , the first version of the Prime License Manager patch caused its own “ functional ” problems that Cisco was then forced to fix Vulnerability-related.PatchVulnerability . That patch , called ciscocm.CSCvk30822_v1.0.k3.cop.sgn addressed Vulnerability-related.PatchVulnerability the SQL vulnerability but caused backup , upgrade and restore problems , and should no longer be used Cisco said . Cisco wrote that “ customers who have previously installed Vulnerability-related.PatchVulnerability the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch should upgrade Vulnerability-related.PatchVulnerability to the ciscocm.CSCvk30822_v2.0.k3.cop.sgn patch to remediate the functional issues . Installing Vulnerability-related.PatchVulnerability the v2.0 patch will first rollback the v1.0 patch and then install Vulnerability-related.PatchVulnerability the v2.0 patch. ” As for the vulnerability that started this process , Cisco says it “ is due to a lack of proper validation of user-supplied input in SQL queries . An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application . A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres [ SQL ] user. ” The vulnerability impacts Vulnerability-related.DiscoverVulnerability Cisco Prime License Manager Releases 11.0.1 and later .

Mozilla has recently fixed Vulnerability-related.PatchVulnerability multiple security flaws in its Thunderbird 60.3 email client . These vulnerabilities also include a critical security bug that allegedly affected Vulnerability-related.DiscoverVulnerability Mozilla ’ s Firefox and Firefox ESR browsers as well . Last week , Mozilla patched Vulnerability-related.PatchVulnerability multiple security flaws altogether in its latest Thunderbird 60.3 including a critical security flaw . As explained in Mozilla ’ s security advisory , numerous community members and developers at Mozilla discovered Vulnerability-related.DiscoverVulnerability reported memory safety bugs that only affected Vulnerability-related.DiscoverVulnerability Thunderbird email client , but also had impacted Vulnerability-related.DiscoverVulnerability Firefox and Firefox ESR . Describing the bugs ( CVE-2018-12390 ) , Mozilla stated , Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited Vulnerability-related.DiscoverVulnerability to run arbitrary code . Mozilla has fixed Vulnerability-related.PatchVulnerability the bugs in Firefox 63 , Firefox ESR 60.3 , and Thunderbird 60.3 respectively . Apart from the critical memory safety bugs , Mozilla also released Vulnerability-related.PatchVulnerability fixes for several other vulnerabilities affecting Vulnerability-related.DiscoverVulnerability Thunderbird . These include three vulnerabilities with a high severity level , and low severity level memory safety bugs ( CVE-2018-12389 ) . The three high severity flaws include : CVE-2018-12391 : HTTP Live Stream audio data accessible cross-origin ( affected Firefox for Android only ) . The bug could allow accessing audio data across origins during HTTP live stream playback on the Firefox browser for Android . CVE-2018-12392 : Crash with nested event loops . An attacker could trigger an exploitable crash by exploiting the bug . CVE-2018-12393 : Integer overflow during Unicode conversion while loading JavaScript . This out-of-bounds write vulnerability only affected 32-bit builds . With regards to the conditions for the exploit , Mozilla elaborated , In general , these flaws can not be exploited Vulnerability-related.DiscoverVulnerability through email in the Thunderbird product because scripting is disabled when reading mail , but are potentially risks in browser or browser-like contexts . Mozilla patched Vulnerability-related.PatchVulnerability multiple vulnerabilities in the previous versions of Thunderbird and Firefox last month . That time too , Mozilla released Vulnerability-related.PatchVulnerability a fix for critical code execution vulnerability affecting Vulnerability-related.DiscoverVulnerability Thunderbird 60.2 , Firefox 61 and Firefox ESR 60.1 .

A Google Project Zero researcher has published a macOS exploit to demonstrate that Apple is exposing its users to security risks by patching Vulnerability-related.PatchVulnerability serious flaws in iOS but not revealing the fact until it fixes Vulnerability-related.PatchVulnerability the same bugs in macOS a week later . This happened during Apple 's update Vulnerability-related.PatchVulnerability for critical flaws in iOS 12 , tvOS 12 and Safari 12 on September 17 . A Wayback Machine snapshot of the original advisory does n't mention Vulnerability-related.DiscoverVulnerability any of the bugs that Project Zero researcher Ivan Fratric had reported Vulnerability-related.DiscoverVulnerability to Apple , and which were actually fixed Vulnerability-related.PatchVulnerability . Then , a week later , after Apple patched Vulnerability-related.PatchVulnerability the same bugs in macOS , the company updated Vulnerability-related.PatchVulnerability its original advisory with details about the nine flaws that Fratric had reported Vulnerability-related.DiscoverVulnerability , six of which affected Vulnerability-related.DiscoverVulnerability Safari . The update fixed Vulnerability-related.PatchVulnerability a Safari bug that allowed arbitrary code execution on macOS if a vulnerable version of Safari browsed to a website hosting an exploit for the bugs . While Fratric concedes that Apple is probably concealing Vulnerability-related.PatchVulnerability the fix in iOS to buy time to patch Vulnerability-related.PatchVulnerability macOS , he argues the end result is that people may ignore an important security update because they were n't properly informed by Apple in the security advisory . `` This practice is misleading because customers interested in the Apple security advisories would most likely read them only once , when they are first released and the impression they would get is that the product updates fix far fewer vulnerabilities and less severe vulnerabilities than is actually the case . '' Even worse , a skilled attacker could use the update for iOS to reverse-engineer a patch , develop an exploit for macOS , and then deploy it against a macOS user-base that does n't have a patch . Users also do n't know that Apple has released information that could make their systems vulnerable to attack . Fratric developed an exploit for one of the Safari bugs he reported and published Vulnerability-related.DiscoverVulnerability the attack on Thursday . The bugs were all found Vulnerability-related.DiscoverVulnerability using a publicly available fuzzing tool he developed , called Domato , meaning anyone else , including highly advanced attackers , could use it too . `` If a public tool was able to find that many bugs , it is expected that private ones might be even more successful , '' he noted . He was n't aiming to write a reliable or sophisticated exploit , but the bug is useful enough for a skilled exploit writer to develop an attack to spread malware and `` potentially do a lot of damage even with an unreliable exploit '' . Fratric said he successfully tested the exploit on Mac OS 10.13.6 High Sierra , build version 17G65 . `` If you are still using this version , you might want to update , '' noted Fratric . On the upside , it appears Apple and its Safari WebKit team have improved the security of the browser compared with the results of Fratric 's Domato fuzzing efforts last year , which turned up way more bugs in Safari than in Chrome , Internet Explorer , and Edge . Last year he found Vulnerability-related.DiscoverVulnerability 17 Safari flaws using the fuzzing tool . His final word of warning is not to discount any of the bugs he found just because no one 's seen them being attacked in the wild . `` While it is easy to brush away such bugs as something we have n't seen actual attackers use , that does n't mean it 's not happening or that it could n't happen , '' the researcher noted .

Overall , the chip giant patched Vulnerability-related.PatchVulnerability five vulnerabilities across an array of its products . Intel on Tuesday patched Vulnerability-related.PatchVulnerability three high-severity vulnerabilities that could allow the escalation of privileges across an array of products . Overall , the chip giant fixed Vulnerability-related.PatchVulnerability five bugs – three rated high-severity , and two medium-severity . The most concerning of these bugs is an escalation-of-privilege glitch in Intel ’ s PROset/Wireless Wi-Fi software , which is its wireless connection management tool . The vulnerability , CVE-2018-12177 , has a “ high ” CVSS score of 7.8 , according to Intel ’ s update . “ Intel is releasing Vulnerability-related.PatchVulnerability software updates to mitigate Vulnerability-related.PatchVulnerability this potential vulnerability , ” it said , urging users to update Vulnerability-related.PatchVulnerability to version 20.90.0.7 or later of the software . The vulnerability , reported Vulnerability-related.DiscoverVulnerability by Thomas Hibbert of Insomnia Security , stems from improper directory permissions plaguing the software ’ s ZeroConfig service in versions before 20.90.0.7 . The issue could allow an authorized user to potentially enable escalation of privilege via local access . The other high-severity bug exists in Vulnerability-related.DiscoverVulnerability the company ’ s System Support Utility for Windows , which offers support for Intel-packed Windows device users . This bug ( CVE-2019-0088 ) is due to insufficient path checking in the support utility , allowing an already-authenticated user to potentially gain escalation of privilege via local access . The vulnerability has a CVSS score of 7.5 . Versions of System Support Utility for Windows before 2.5.0.15 are impacted Vulnerability-related.DiscoverVulnerability ; Intel recommends Vulnerability-related.PatchVulnerability users update Vulnerability-related.PatchVulnerability to versions 2.5.0.15 or later . Independent security researcher Alec Blance was credited with discovering Vulnerability-related.DiscoverVulnerability the flaw . The chip-maker also patched Vulnerability-related.PatchVulnerability a high-severity and medium-severity flaw in its Software Guard Extensions ( SGX ) platform and software , which help application developers to protect select code and data from disclosure or modification . “ Multiple potential security vulnerabilities in Intel SGX SDK and Intel SGX Platform Software may allow escalation of privilege or information disclosure , ” said Vulnerability-related.DiscoverVulnerability Intel . The high-severity flaw in SGX ( CVE-2018-18098 ) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges . The vulnerability is rooted in Vulnerability-related.DiscoverVulnerability improper file verification in the install routine for Intel ’ s SGX SDK and Platform Software for Windows before 2.2.100 . It was discovered Vulnerability-related.DiscoverVulnerability by researcher Saif Allah ben Massaoud . Another vulnerability in the platform ( CVE-2018-12155 ) is only medium in severity , but could allow an unprivileged user to cause information disclosure via local access . That ’ s due to data leakage Attack.Databreach in the cryptographic libraries of the SGX platform ’ s Integrated Performance Primitives , a function that provides developers with building blocks for image and data processing . And finally , a medium escalation of privilege vulnerability in Intel ’ s SSD data-center tool for Windows has been patched Vulnerability-related.PatchVulnerability . “ Improper directory permissions in the installer for the Intel SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access , ” said Vulnerability-related.DiscoverVulnerability Intel ’ s update . The company recommends users update to v3.0.17 or later . Intel ’ s patch comes Vulnerability-related.PatchVulnerability during a busy patch Tuesday week , which includes fixes from Adobe and Microsoft .

Yesterday , on Microsoft ’ s Patch Tuesday the company released Vulnerability-related.PatchVulnerability its monthly security patches that fixed Vulnerability-related.PatchVulnerability 62 security flaws . These fixes also included a fix for a zero-day vulnerability that was under active exploitation before these patches were made available Vulnerability-related.PatchVulnerability . Microsoft also announced the re-release of its Windows 10 version 1809 and Windows Server 2019 . Microsoft credited Kaspersky Lab researchers for discovering Vulnerability-related.DiscoverVulnerability this zero-day , which is also known as Vulnerability-related.DiscoverVulnerability CVE-2018-8589 and impacts Vulnerability-related.DiscoverVulnerability the Windows Win32k component . A Kaspersky spokesperson told ZDNet , “ they discovered Vulnerability-related.DiscoverVulnerability the zero-day being exploited Vulnerability-related.DiscoverVulnerability by multiple cyber-espionage groups ( APTs ) . ” The zero-day had been used to elevate privileges on 32-bit Windows 7 versions . This is the second Windows elevation of privilege zero-day patched Vulnerability-related.PatchVulnerability by Microsoft discovered Vulnerability-related.DiscoverVulnerability by Kaspersky researchers . Last month , Microsoft patched Vulnerability-related.PatchVulnerability CVE-2018-8453 , another zero-day that had been used by a state-backed cyber-espionage group known as FruityArmor . However , in this month ’ s Patch Tuesday , Microsoft has not patched Vulnerability-related.PatchVulnerability a zero-day that is affecting Vulnerability-related.DiscoverVulnerability the Windows Data Sharing Service ( dssvc.dll ) . This zero-day was disclosed Vulnerability-related.DiscoverVulnerability on Twitter at the end of October . According to ZDNet , “ Microsoft has published this month a security advisory to instruct users on how to properly configure BitLocker when used together with solid-state drives ( SSDs ) . ” As reported by Microsoft , the Windows 10 October 2018 update caused user ’ s data loss post updating . Due to this , the company decided to pause the update . However , yesterday , Microsoft announced that it is re-releasing Windows 10 version 1809 . John Cable , the director of Program Management for Windows Servicing and Delivery at Microsoft said , “ the data-destroying bug that triggered that unprecedented decision , as well as other quality issues that emerged during the unscheduled hiatus , have been thoroughly investigated and resolved. ” Microsoft also announced the re-release of Windows Server 2019 , which was affected Vulnerability-related.DiscoverVulnerability by the same issue . According to ZDNet , “ The first step in the re-release is to restore the installation files to its Windows 10 Download page so that “ seekers ” ( the Microsoft term for advanced users who go out of their way to install a new Windows version ) can use the ISO files to upgrade PCs running older Windows 10 versions. ” Michael Fortin , Windows Corporate Vice President , in a blog post , offered some context behind the recent issues and announced changes to the way the company approaches communications and also the transparency around their process . Per Fortin , “ We obsess over these metrics as we strive to improve product quality , comparing current quality levels across a variety of metrics to historical trends and digging into any anomaly. ” To know more about this in detail , visit Microsoft ’ s official blog post .

Microsoft rolled out Vulnerability-related.PatchVulnerability 60 patches for its Patch Tuesday release , impacting 19 critical flaws and 39 important flaws . Microsoft has rolled out Vulnerability-related.PatchVulnerability its August Patch Tuesday fixes , addressing Vulnerability-related.PatchVulnerability 19 critical vulnerabilities , including fixes for two zero-day vulnerabilities that are under active attack . Overall , the company patched Vulnerability-related.PatchVulnerability a total of 60 flaws , spanning Microsoft Windows , Edge , Internet Explorer ( IE ) , Office , .NET Framework , ChakraCore , Exchange Server , Microsoft SQL Server and Visual Studio . Of those , 19 were critical , 39 were rated important , one was moderate and one was rated low in severity . The patch release includes two exploited flaws , CVE-2018-8373 and CVE-2018-8414 , which were previously disclosed Vulnerability-related.DiscoverVulnerability by researchers . The first zero-day , CVE-2018-8373 , could result in remote code-execution ( RCE ) and grants the same privileges as a logged-in user , including administrative rights . The vulnerability exists in Vulnerability-related.DiscoverVulnerability IE 9 , 10 and 11 , impacting Vulnerability-related.DiscoverVulnerability all Windows operating systems from Server 2008 to Windows 10 . Meanwhile , CVE-2018-8414 also enables RCE with the privileges of the logged-in user , and exists on Vulnerability-related.DiscoverVulnerability Windows 10 versions 1703 and newer , as well as Server 1709 and Server 1803 . “ The two zero-day vulnerabilities are … publicly disclosed Vulnerability-related.DiscoverVulnerability and exploited Vulnerability-related.DiscoverVulnerability , ” said Chris Goettl , director of product management , security , for Ivanti , in an email . “ CVE-2018-8373 is a vulnerability that exists in Vulnerability-related.DiscoverVulnerability the way that the scripting engine handles objects in memory in Internet Explorer . CVE-2018-8414 code-execution vulnerability exists Vulnerability-related.DiscoverVulnerability when the Windows Shell does not properly validate file paths. ” Microsoft also issued Vulnerability-related.PatchVulnerability fixes for security issues that don ’ t impact Windows , but the company thought they were important enough to package into its OS updates , dubbed advisories . Microsoft ’ s Patch Tuesday comes after the company found itself in hot water last month after its new update model caused stability issues for Windows operating systems and applications , particularly in July . The model irked customers so much that enterprise patching veteran Susan Bradley wrote an open letter to Microsoft executives expressing the “ dissatisfaction your customers have with the updates released Vulnerability-related.PatchVulnerability for Windows desktops and servers in recent months . ”

Sensitive information related to the United States Air Force has been found exposed publicly Attack.Databreach on the internet , allowing anyone with a web connection to peruse them without authorisation and no need for a password . The discovery Vulnerability-related.DiscoverVulnerability was made by security researchers at MacKeeper who said that they had found Vulnerability-related.DiscoverVulnerability gigabytes of files on an internet-connected backup drive that was not password-protected : The most shocking document was a spreadsheet of open investigations that included the name , rank , location , and a detailed description of the accusations . The investigations range from discrimination and sexual harassment to more serious claims . One example is an investigation into a Major General who is accused of accepting $ 50k a year from a sports commission that was supposedly funneled into the National Guard . As ZDNet reports , the names and addresses , ranks , and social security numbers of more than 4000 US Air Force officers were included in the stash of personal information . Further documents included phone numbers and contact information for workers and their spouses . Clearly some of the details exposed Attack.Databreach through the security lapse would be of value to foreign intelligence agencies and criminal gangs , and could lead to blackmail attempts or identity theft . What we don ’ t know is how long the information has been accessible Attack.Databreach online , and we also do not know if anyone other than the security researchers had managed to stumble across Attack.Databreach the exposed information . But the truth of the matter is that we shouldn ’ t ever have to find ourselves in a question to ask such questions . Whenever you decide to store information on the internet , particularly sensitive data , you should be doing your utmost to ensure that you have minimised the risk of it falling into the wrong hands . That means always keeping your computer patched Vulnerability-related.PatchVulnerability and running an up-to-date anti-virus , using encryption , enabling passwords and ensuring that the password chosen is a strong one , turning on additional authentication checks such as two-step verification and restricting the range of trusted IP addresses from where users can login from

Several developments this week recentered the security spotlight on some of the enterprise 's most critical business systems as cybersecurity experts deal with the reality that enterprise resource planning ( ERP ) software needs heightened attention . On the vulnerability front , SAP this week patched Vulnerability-related.PatchVulnerability a new , highly critical vulnerability for SAP HANA with one of the highest severity ratings available . Meanwhile , a new survey report shows that security professionals are finally waking up to the fact that attackers are looking to leverage vulnerabilities like these , with indicated expectations of increased ERP attacks in the near future . SAP HANA is an in-memory data platform used by enterprises to crunch data from across their business software stacks . Organizations use it to perform advanced analytics that inform critical business processes and fuel innovative applications , and as such it contains some of the most sensitive data pertaining to customers , business processes and intellectual property . The major vulnerability was discovered Vulnerability-related.DiscoverVulnerability by ERP security firm Onapsis in SAP HANA 's User Self-Service component and scored a CVSS vulnerability rating of 9.8 , garnering a Hot News designation in this month 's SAP Security Notes . If exploited , it would allow full remote compromise without access to any credentials . `` This level of access would allow an attacker to perform any action Attack.Databreach over the business information and processes supported by HANA , including creating , stealing Attack.Databreach , altering , and/or deleting sensitive information , '' says Sebastian Bortnik , head of research for Onapsis . SAP patched Vulnerability-related.PatchVulnerability the problem in this month 's round of SAP Security Notes , which included 35 vulnerabilities across its portfolio . Among them there were eight vulnerabilities with a high priority rating . Last year , the threats posed Vulnerability-related.DiscoverVulnerability by these vulnerabilities tipped over from the theoretical realm to one of documented reality when US-CERT released a report that warned of at least 36 organizations worldwide impacted by attacks that leveraged a vulnerability in SAP 's Invoker Servlet functionality running on SAP Java platforms . This week , a new report from Crowd Research Partners found that 89 % of security experts anticipate more attacks against ERP systems . Approximately 1 in 3 experts expect a significant increase in these attacks . As things stand , most enterprises are still dreadfully unprepared for any attacks , let alone an increased volume of them . A report last year from Ponemon Institute showed that more than half of enterprises admit it would take their firm a year or longer to detect a breach in the SAP platform .

It ’ s safe to say that 2016 was the year of ransomware . More specifically , the year of crypto-ransomware , that nefarious variant that encrypts files and holds them captive until a ransom is paid Attack.Ransom . Since the release of Cryptolocker in late 2013 , crypto-ransomware has exploded , and 2016 was a banner year . As a matter of fact , according to the FBI , cyber criminals used ransomware to steal Attack.Ransom more than $ 209 million from U.S. businesses in just the first quarter of 2016 . And according to a recent report from Kaspersky Labs , from January to September of 2016 , ransomware attacks targeting companies increased by a whopping 300 percent . With threat actors realizing ransomware ’ s lucrative potential , they bombarded the industry with new attacks in 2016 . This variant hit the wild in early 2016 , infecting systems using AES encryption . It not only infects mapped file shares , but any networked share , so remote drives are at risk . This attack was so potent experts estimate it infected more than 100,000 victims per day at its peak . More recently , hackers went after the beloved San Francisco Municipal Transport Agency ( MUNI ) . If you were in the area in late November , you may have gotten the message “ You Hacked ” at public transit ticket kiosks . The city ’ s light rail was hit by ransomware that forced them to offer Attack.Ransom free rides for two days while they recovered the files . Or , what about Popcorn , the ingenious little in-development ransomware variant in December that turned victims into attackers by incentivizing them with a pyramid scheme-style discount . Send the infection to two of your friends , and you get your files back for free . Ransomware perhaps hit Attack.Ransom healthcare the hardest in 2016 , with some reports claiming 88 percent of all ransomware affected hospitals . Whether large or small , no provider could hide from hackers looking to nab and encrypt patient data , disrupting care until the provider paid up Attack.Ransom or recovered files . The New Jersey Spine Center and Marin Healthcare District were attacked Attack.Ransom by Cryptowall , which encrypted electronic health records , backup files and the phone system . MedStar , which operates 10 hospitals in the D.C and Baltimore area , was forced to shut down its entire IT system and revert to paper records . And the list goes on and on with names like California ’ s Hollywood Presbyterian Medical Center , The University of Southern California ’ s Keck and Norris Hospital , Kansas Heart Hospital , Alvarado Medical Center , King ’ s Daughter ’ s Health , Chino Valley Medical Center and Desert Valley Hospital , and more . Criminals have obviously realized the awesome money-making potential of ransomware , and you should expect them to double-down in 2017 . That said , how can they make an already effective threat even more widespread ? Every year I try to predict changes and evolutions to the threat and security landscape . In this year ’ s predictions , I forecast that you ’ ll see the first ever , wide-spread ransomworm . This new variant will dramatically accelerate the spread of ransomware . Years ago , network worms like CodeRed , SQL Slammer , and more recently , Conficker were pretty common . As you probably know , a worm is a type of malware that automatically spreads itself over a network , using either legitimate network file sharing features , or network software vulnerabilities . In the past , the fastest spreading worms – like the examples mentioned above – exploited Vulnerability-related.DiscoverVulnerability network software flaws to automatically propagate through networks ( whether the Internet or just your internal network ) . Although we haven ’ t seen many wildly successful network worms lately , they ’ re still a threat . All it takes is for one black hat to find Vulnerability-related.DiscoverVulnerability a new zero-day networking software flaw and wide-spread ransomworm becomes a real possibility . In fact , attackers may not even need to know a new networking flaw to create a successful ransomware . By stealing Attack.Databreach a computer ’ s local credentials , attackers can use normal Windows networking , or tools like Powershell to spread through an internal Windows network without leveraging any vulnerability at all . Now , imagine ransomware attached to such a network worm . After infecting one victim , it could tirelessly copy itself to every computer it could reach on your local network . Whether or not you want to imagine such a scenario , criminals have already added network-scanning capabilities to some ransomware variants , and there ’ s a high likelihood they will more aggressively merge ransomware and worm capabilities next year . In 2017 , I suspect you ’ ll see a ransomworm that automatically spreads very quickly and successfully , at least on local networks , if not the Internet . Since falling victim to ransomware can be a costly and time-consuming affair , how can you prepare to combat these evolving threats ? Backup – Sure , I know most people just want to prevent ransomware , but you ’ ll never have 100 percent assurances of that in information security . Backing up your data is an important part of security for reasons far beyond just recovering from a ransomware attack . If you don ’ t already backup your important data , ransomware is the best reason yet to do so . Patch your software – There are many ways ransomware might get on your systems , including just users manually doing foolish things . However , in order to forcefully or automatically install malware on your system , attackers must exploit software flaws . That said , vendors have already fixed Vulnerability-related.PatchVulnerability a huge percent of the vulnerabilities hackers use to spread malware . If you simply keep your patches up to date Vulnerability-related.PatchVulnerability , you won ’ t succumb to many of these forced or automated attacks , which could even help against ransomworms , assuming the network flaw they used was also patched Vulnerability-related.PatchVulnerability . Implement Killchain Defense – You won ’ t find one security technology that can protect you from 100 percent of ransomware by itself . However , there are many security controls that help protect you from various stages of a ransomware attack . For instance , Intrusion Prevention Systems ( IPS ) can prevent some of the exploits criminals use to spread ransomware . AntiVirus can catch some of the most common ransomware variants , and more modern advanced threat protection solutions can even identify and block new zero-day ransomware samples . However , none of these defenses are fool proof alone . The best way to protect your computer or organization is to combine all of them . Unified Threat Management ( UTM ) solutions often offer the easiest option for placing all these protections under one pane of glass

Ransomware scammers have been exploiting a flaw in Apple 's Mobile Safari browser in a campaign to extort fees Attack.Ransom from uninformed users . The scammers particularly target those who viewed porn or other controversial content . Apple patched Vulnerability-related.PatchVulnerability the vulnerability on Monday with the release Vulnerability-related.PatchVulnerability of iOS version 10.3 . The flaw involved the way that Safari displayed JavaScript pop-up windows . In fact , recovering from the pop-up loop was as easy as going into the device settings and clearing the browser cache . This simple fix was possibly lost on some uninformed targets who were too uncomfortable to ask for outside help . `` The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk , '' Lookout researchers Andrew Blaich and Jeremy Richards wrote in Monday 's post . The user provided the screenshot shown above , which attempts to instill fear with the claim the device was being locked `` for illegal pornography . '' Below those words was a pop-up Window that said `` Can not Open Page . '' Each time the person clicked on the accompanying OK button , a new window would open again . The JavaScript used in the attack shows signs of being used to exploit the same Safari flaw present in Vulnerability-related.DiscoverVulnerability iOS version 8 , which was released in 2014 . The attackers , the Lookout researchers said , purchased a large number of domains in an attempt to `` catch users that are seeking controversial content on the internet and coerce them into paying a ransom Attack.Ransom to them . '' Sites tailored the messages they delivered based on country identifiers . The campaign in many respects resembles one that hit Attack.Ransom Android users in 2014 . That one demanded Attack.Ransom a $ 300 ransom paid Attack.Ransom in the form of mechanisms such as Paysafecard or uKash

Researchers at Germany-based security firm Cure53 have conducted a 32-day audit of the Network Time Protocol ( NTP ) and the NTPsec project and discovered Vulnerability-related.DiscoverVulnerability more than a dozen vulnerabilities . Experts identified Vulnerability-related.DiscoverVulnerability a total of 16 security-related issues , including 8 weaknesses that only affect Vulnerability-related.DiscoverVulnerability NTP and two that only impact Vulnerability-related.DiscoverVulnerability NTPsec , which is meant to be a secure , hardened and improved implementation of NTP . Cure53 has published separate reports focusing on the NTP and NTPsec problems . The Network Time Foundation addressed Vulnerability-related.PatchVulnerability the flaws earlier this month with the release of ntp-4.2.8p10 . Cure53 has classified Vulnerability-related.DiscoverVulnerability one vulnerability as being critical . CVE-2017-6460 , which only affects Vulnerability-related.DiscoverVulnerability NTP , has been described Vulnerability-related.DiscoverVulnerability as a stack-based buffer overflow that can be triggered by a malicious server when a client requests the restriction list . The flaw can be exploited Vulnerability-related.DiscoverVulnerability to cause a crash and possibly to execute arbitrary code . The security holes rated Vulnerability-related.DiscoverVulnerability by Cure53 as high severity are CVE-2017-6463 and CVE-2017-6464 , both of which can be exploited Vulnerability-related.DiscoverVulnerability for DoS attacks . It ’ s worth noting that while some of the vulnerabilities have been classified Vulnerability-related.DiscoverVulnerability as critical and high severity by Cure53 , NTP developers have only assigned Vulnerability-related.DiscoverVulnerability medium , low and informational-level severity ratings to the discovered flaws . Ntp-4.2.8p10 patches Vulnerability-related.PatchVulnerability a total of 15 vulnerabilities and also includes just as many non-security fixes and improvements . Of the 15 security holes resolved Vulnerability-related.PatchVulnerability in the latest version , 14 were discovered Vulnerability-related.DiscoverVulnerability by Cure53 , which also noticed Vulnerability-related.DiscoverVulnerability that a flaw initially patched Vulnerability-related.PatchVulnerability in December 2014 was reintroduced Vulnerability-related.DiscoverVulnerability in November 2016 . One of the vulnerabilities fixed Vulnerability-related.PatchVulnerability in ntp-4.2.8p10 was reported Vulnerability-related.DiscoverVulnerability by researchers at Cisco Talos . Experts identified Vulnerability-related.DiscoverVulnerability a DoS vulnerability affecting Vulnerability-related.DiscoverVulnerability the origin timestamp check functionality

A broad array of Android phones are vulnerable Vulnerability-related.DiscoverVulnerability to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover , a researcher has demonstrated Vulnerability-related.DiscoverVulnerability . The vulnerability resides in Vulnerability-related.DiscoverVulnerability a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices . Apple patched Vulnerability-related.PatchVulnerability the vulnerability with Monday 's release Vulnerability-related.PatchVulnerability of iOS 10.3.1 . `` An attacker within range may be able to execute arbitrary code on the Wi-Fi chip , '' Apple 's accompanying advisory warned Vulnerability-related.DiscoverVulnerability . In a highly detailed blog post published Vulnerability-related.DiscoverVulnerability Tuesday , the Google Project Zero researcher who discovered Vulnerability-related.DiscoverVulnerability the flaw said Vulnerability-related.DiscoverVulnerability it allowed the execution of malicious code on a fully updated 6P `` by Wi-Fi proximity alone , requiring no user interaction . '' Google is in the process of releasing Vulnerability-related.PatchVulnerability an update in its April security bulletin . The fix is available Vulnerability-related.PatchVulnerability only to a select number of device models , and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible . Company representatives did n't respond to an e-mail seeking comment for this post . The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values . The values , in turn , cause the firmware running on Broadcom 's wireless system-on-chip to overflow its stack . By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks , Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode . Beniamini 's code does nothing more than write a benign value to a specific memory address . Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point . Besides the specific stack overflow bugs exploited Vulnerability-related.DiscoverVulnerability by the proof-of-concept attack , Beniamini said Vulnerability-related.DiscoverVulnerability a lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target . `` We ’ ve seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex , it still lags behind in terms of security , '' he wrote . `` Specifically , it lacks all basic exploit mitigations—including stack cookies , safe unlinking and access permission protection ( by means of [ a memory protection unit . ] ) '' The Broadcom chipset contains an MPU , but the researcher found that it 's implemented in a way that effectively makes all memory readable , writeable , and executable . `` We can conveniently execute our code directly from the heap . '' He said that Broadcom has informed him that newer versions of the chipset implement the MPU more effectively and also add unspecified additional security mechanisms . Given the severity of the vulnerability , people with affected Vulnerability-related.DiscoverVulnerability devices should install Vulnerability-related.PatchVulnerability a patch as soon as it 's available . For those with vulnerable iPhones , that 's easy enough . As is all too often the case for Android users , there 's no easy way to get Vulnerability-related.PatchVulnerability a fix immediately , if at all . That 's because Google continues to stagger the release Vulnerability-related.PatchVulnerability of its monthly patch bundle for the minority of devices that are eligible to receive it . At the moment , it 's not clear if there are effective workarounds available for vulnerable devices . Turning off Wi-Fi is one possibility , but as revealed in recent research into an unrelated Wi-Fi-related weakness involving Android phones , devices often relay Wi-Fi frames even when Wi-Fi is turned off

Six months of relative quiet around exploit kits recently changed when a public proof-of-concept attack disclosed Vulnerability-related.DiscoverVulnerability by a Texas startup was integrated into the Sundown Exploit Kit . The proof-of-concept exploit was developed Vulnerability-related.DiscoverVulnerability by Theori , a research and development firm in Austin , which opened its doors last spring . The PoC targets two vulnerabilities , CVE-2016-7200 and CVE-2016-7201 , in Microsoft Edge that were patched Vulnerability-related.PatchVulnerability in November in MS16-129 and privately disclosed Vulnerability-related.DiscoverVulnerability to Microsoft by Google Project Zero researcher Natalie Silvanovich . French researcher Kafeine said on Saturday that he had spotted weaponized versions of the Theori exploits in Sundown two days after they were made public . The payload is most likely the Zloader DLL injector , but Sundown has also moved other malware in the past including banking Trojans such as Zeus Panda and Dreambot , and even Bitcoin mining software . Kafeine said this is the first significant exploit kit activity he ’ s seen in six months . This is the second time a Theori proof-of-concept exploit has ended up in an exploit kit , Kafeine said Vulnerability-related.DiscoverVulnerability , harkening back to CVE-2016-0189 , which was patched Vulnerability-related.PatchVulnerability in May by Microsoft and yet eventually found its way into Neutrino , RIG , Sundown and Magnitude . Kafeine said he expects other exploit kits to quickly integrate this attack as well , but activity could be slowed by Christmas and New Year holidays in the West , and the recently concluded Russian holiday season . A request for comment from researchers at Theori was not returned in time for publication . In the Readme for the exploits posted to Github , Theori said its PoC was tested on the latest version of Edge running on Windows 10 . The vulnerabilities are in the Chakra JavaScript engine developed for Microsoft in Internet Explorer 9 . The Theori exploits trigger information leak and type confusion vulnerabilities in the browser , leading to remote code execution . The bugs were patched Vulnerability-related.PatchVulnerability Nov. 8 by Microsoft in a cumulative update for the Edge browser ; Microsoft characterized Vulnerability-related.DiscoverVulnerability them as memory corruption flaws and rated them both critical for Windows clients and moderate for Windows server . An attacker could also embed an ActiveX control marked ‘ safe for initialization ’ in an application or Microsoft Office document that hosts the Edge rendering engine . The integration of new exploits , however , has slowed significantly since the erasure of Angler and other popular kits from the underground . Angler ’ s disappearance coincided with the June arrests of 50 people in Russia allegedly connected to the development and distribution of the Lurk Trojan . Researchers at Kaspersky Lab who investigated the infrastructure supporting Lurk said there was little doubt that the criminals behind Lurk were also responsible for Angler ’ s constant development and profit-making . Since the end of the summer , however , exploit kit development has all but ended while attackers have returned to large-scale spamming campaigns and a resurgence of macro malware to move attacks along . “ Regarding the why , I don ’ t know for sure , ” Kafeine said . “ Either it ’ s harder to code those , [ or ] those who were providing fully working exploits ( for Angler for instance ) are not anymore into this . “ I think [ exploit kits ] have not been so far behind in years ” . Microsoft patched Vulnerability-related.PatchVulnerability this on Nov 8th , bug the huge problem is that whenever you buy a new computer , it doesn ’ t come with that pacth… You have to run the updates once you set up the new computer . And from what I have been finding over the last 6 months , is that the moment you open a brand new laptop with windows 10 and start to try to update it , the vulnerability is wide open for attack . The WORST part is that if you are a regular person not knowing anything about security , and you set up windows 10 with the “ express settings ” the computer is setup to connect to any open wifi hotspot and Bluetooth devices ! So if you live in NYC or any heavy populated area , or your home wifi is already infected by Miria Botnet , you are screwed instantly… I have proof that it is happening to everyone and no one knows it . The internet is going to implode within the next 3-4 months and the government will have to shut it down .

The saga of CVE-2017-0199 , a recently patched zero-day vulnerability affecting Vulnerability-related.DiscoverVulnerability Microsoft Office and WordPad , just got a little stranger yesterday after cyber-security firm FireEye revealed Vulnerability-related.DiscoverVulnerability the vulnerability was used by both cyber-criminals pushing mundane malware , and also by state-sponsored cyber-espionage groups . This twisted tale starts in July 2016 , when security researcher Ryan Hanson discovered Vulnerability-related.DiscoverVulnerability a flaw in RTF files that he could exploit to execute code on the underlying operating system . After finishing his research , Hanson submitted a write-up Vulnerability-related.DiscoverVulnerability on the three bugs he found Vulnerability-related.DiscoverVulnerability to Microsoft in October 2016 , via the company 's bug bounty program . Uncharacteristic to Microsoft , the company took almost six months to fix Vulnerability-related.PatchVulnerability the three bugs discovered Vulnerability-related.DiscoverVulnerability by Hanson , delivering Vulnerability-related.PatchVulnerability patches for all three ( CVE-2017-0106 , CVE-2017-0199 , and CVE-2017-0204 ) in April 's Patch Tuesday . A few days before Microsoft patched Vulnerability-related.PatchVulnerability the zero-day , news about it broke via blog posts from McAfee and FireEye , both companies revealing Vulnerability-related.DiscoverVulnerability the zero-day was under active exploitation . Unfortunately , this long patching period gave others the time to discover Vulnerability-related.DiscoverVulnerability the same flaw . While initially McAfee and FireEye restrained from revealing Vulnerability-related.DiscoverVulnerability any details about the zero-day , now that a patch is available Vulnerability-related.PatchVulnerability , several security firms are now sharing more behind-the-scenes details . According to FireEye , the zero-day first came on their radar on January 25 , 2017 , when they discovered Vulnerability-related.DiscoverVulnerability a FinSpy module exploiting the flaw . While FireEye discovered only this campaign , the cyber-security firm believes Gamma Group made available this new Microsoft zero-day to all of its clients , meaning it was likely used in other countries where the company sold its `` lawful intercept '' spyware . Two months after this campaign , towards the end of March , FireEye says it detected Vulnerability-related.DiscoverVulnerability the zero-day again , but this time used by a group of cyber-criminals spreading LatentBot , a sophisticated backdoor trojan , usually found Vulnerability-related.DiscoverVulnerability in enterprise environments and used for economic espionage campaigns . This group apparently started a yard sale after McAfee and FireEye disclosed Vulnerability-related.DiscoverVulnerability the zero-day in public . Fearing that a patch was coming Vulnerability-related.PatchVulnerability , this group shared Vulnerability-related.DiscoverVulnerability ( most likely sold ) the zero-day exploit with other crimeware groups . While initially this zero-day was classified Vulnerability-related.DiscoverVulnerability as an Office vulnerability , Microsoft 's security advisory revealed Vulnerability-related.DiscoverVulnerability this vulnerability also affected Vulnerability-related.DiscoverVulnerability WordPad , a free document viewer included by default with all Windows versions . This means that if users did n't have Office installed , they were at risk if they chose to open the booby-trapped files with WordPad . In this case , the exploit packed within the file would execute , download an HTA ( HTML application ) file disguised as an RTF , which in turn would run PowerShell commands that exploited the user 's computer .

To understand why it is so difficult to defend computers from even moderately capable hackers , consider the case of the security flaw officially known as Vulnerability-related.DiscoverVulnerability CVE-2017-0199 . The bug was unusually dangerous but of a common genre : it was in Microsoft software , could allow a hacker to seize control of a personal computer with little trace , and was fixed Vulnerability-related.PatchVulnerability April 11 in Microsoft ’ s regular monthly security update . But it had traveled a rocky , nine-month journey from discovery to resolution , which cyber security experts say is an unusually long time . Google ’ s security researchers , for example , give vendors just 90 days’ warning Vulnerability-related.DiscoverVulnerability before publishing Vulnerability-related.DiscoverVulnerability flaws they find Vulnerability-related.DiscoverVulnerability . Microsoft Corp ( MSFT.O ) declined to say how long it usually takes to patch Vulnerability-related.PatchVulnerability a flaw . While Microsoft investigated , hackers found Vulnerability-related.DiscoverVulnerability the flaw and manipulated the software to spy on unknown Russian speakers , possibly in Ukraine . And a group of thieves used it to bolster their efforts to steal Attack.Databreach from millions of online bank accounts in Australia and other countries . Those conclusions and other details emerged from interviews with researchers at cyber security firms who studied the events and analyzed versions of the attack code . Microsoft confirmed the sequence of events . The tale began last July , when Ryan Hanson , a 2010 Idaho State University graduate and consultant at boutique security firm Optiv Inc in Boise , found Vulnerability-related.DiscoverVulnerability a weakness in the way that Microsoft Word processes documents from another format . That allowed him to insert a link to a malicious program that would take control of a computer . The company often pays a modest bounty of a few thousands dollars for the identification of security risks . Soon after that point six months ago , Microsoft could have fixed Vulnerability-related.PatchVulnerability the problem , the company acknowledged Vulnerability-related.DiscoverVulnerability . But it was not that simple . A quick change in the settings on Word by customers would do the trick , but if Microsoft notified Vulnerability-related.DiscoverVulnerability customers about the bug and the recommended changes Vulnerability-related.PatchVulnerability , it would also be telling hackers about how to break in . Alternatively , Microsoft could have created Vulnerability-related.PatchVulnerability a patch that would be distributed Vulnerability-related.PatchVulnerability as part of its monthly software updates . But the company did not patch immediately Vulnerability-related.PatchVulnerability and instead dug deeper . It was not aware that anyone was using Hanson ’ s method , and it wanted to be sure it had a comprehensive solution . “ We performed Vulnerability-related.PatchVulnerability an investigation to identify other potentially similar methods and ensure that our fix addresses [ sic ] more than just the issue reported , ” Microsoft said through a spokesman , who answered emailed questions on the condition of anonymity . “ This was a complex investigation. ” Hanson declined interview requests . The saga shows that Microsoft ’ s progress on security issues , as well as that of the software industry as a whole , remains uneven in an era when the stakes are growing dramatically . Finally , on the Tuesday , about six months after hearing from Hanson , Microsoft made Vulnerability-related.PatchVulnerability the patch available Vulnerability-related.PatchVulnerability . As always , some computer owners are lagging behind and have not installed it . Ben-Gurion University employees in Israel were hacked , after the patch , by attackers linked to Iran who took over their email accounts and sent infected documents to their contacts at technology companies and medical professionals , said Michael Gorelik , vice president of cyber security firm Morphisec . When Microsoft patched Vulnerability-related.PatchVulnerability , it thanked Hanson , a FireEye researcher and its own staff . A six-month delay is bad but not unheard of , said Marten Mickos , chief executive of HackerOne , which coordinates patching efforts between researchers and vendors . “ Normal fixing times are a matter of weeks , ” Mickos said . Privately-held Optiv said through a spokeswoman that it usually gives vendors 45 days to make Vulnerability-related.PatchVulnerability fixes before publishing research Vulnerability-related.DiscoverVulnerability when appropriate , and that it “ materially followed ” that practice in this case . If the patching Vulnerability-related.PatchVulnerability took time , others who learned of the flaw moved quickly . On the final weekend before the patch , the criminals could have sold it along to the Dridex hackers , or the original makers could have cashed in a third time , Hultquist said , effectively staging a last clearance sale before it lost peak effectiveness . It is unclear how many people were ultimately infected or how much money was stolen .

A zero-day vulnerability exists in Vulnerability-related.DiscoverVulnerability WordPress Core that in some instances could allow an attacker to reset a user ’ s password and gain access to their account . Researcher Dawid Golunski of Legal Hackers disclosed Vulnerability-related.DiscoverVulnerability the vulnerability on Wednesday via his new ExploitBox service . All versions of WordPress , including the latest , 4.7.4 , are vulnerable Vulnerability-related.DiscoverVulnerability , the researcher said . The vulnerability ( CVE-2017-8295 ) happens because WordPress uses what Golunski calls untrusted data by default when it creates a password reset email . In a proof-of-concept writeup , Golunski points out that WordPress uses a variable , SERVER_NAME , to get the hostname to create a From/Return-Path header for the password reset email . Since that variable , by its nature , can be customized , an attacker could insert a domain of his choosing and make it so an outgoing email could be sent to a malicious address , the researcher says . The attacker would then receive the reset email and be able to change the account password and take over . “ Depending on the configuration of the mail server , it may result in an email that gets sent to the victim WordPress user with such malicious From/Return-Path address set in the email headers , ” Golunski wrote . “ This could possibly allow the attacker to intercept the email containing the password reset link in some cases requiring user interaction as well as without user interaction. ” Golunski writes that there are three scenarios in which a user could be tricked Attack.Phishing , and only one of them relies on user interaction . In one , an attacker could perform a denial of service attack on the victim ’ s email account in order to prevent the password reset email from reaching the victim ’ s account . Instead , it could bounce back to the malicious sender address , pointed at the attacker . Second , Golunski says some auto-responders may attach a copy of the email sent in the body of the auto-replied message . Third , by sending multiple password reset emails , he says the attacker could trigger the victim to ask for an explanation , below , which could contain the malicious password link . Golunski said Vulnerability-related.DiscoverVulnerability he reported Vulnerability-related.DiscoverVulnerability the issue to WordPress ’ s security team multiple times , initially more than 10 months ago in July 2016 . The researcher told Threatpost that WordPress never outright rejected his claim – he says WordPress told him it was working on the issue – but acknowledged that too much time has passed without a clear resolution , something which prompted him to release details Vulnerability-related.DiscoverVulnerability on the bug on Wednesday . Campbell said that it ’ s possible WordPress will patch Vulnerability-related.PatchVulnerability the issue , even if just for poorly configured servers , but acknowledged he didn ’ t have a timetable for the fix . Concerned WordPress users should follow a public ticket that was started for the issue last July , Campbell added . While there ’ s no official fix available Vulnerability-related.PatchVulnerability yet , Golunski says users can enable the UseCanonicalName setting on Apache to enforce a static SERVER_NAME value to ensure it doesn ’ t get modified . Golunski has had his hands full finding Vulnerability-related.DiscoverVulnerability vulnerabilities related to PHP-based email platforms . He discovered Vulnerability-related.DiscoverVulnerability a remote code execution bug in SquirrelMail in January that disclosed Vulnerability-related.DiscoverVulnerability and quickly patched Vulnerability-related.PatchVulnerability last month and similar RCE bugs in PHPMailer and SwiftMailer , libraries used to send emails via PHP , at the end of 2016 .

A ransomware threat called SLocker , which accounted for one-fifth of Android malware attacks in 2015 , is back with avengeance , according to security firm Wandera . SLocker encrypts images , documents and videos on Android devices and demands a ransom Attack.Ransom to decrypt the files . Once the malware is executed , it runs in the background of a user 's device without their knowledge or consent . Once it has encrypted files on the phone , the malware hijacks the device , blocking the user 's access , and attempts to intimidate them into paying a ransom Attack.Ransom to unlock it . Last year , security company Bitdefender said that ransomware was the largest malware risk to Android users in the second half of 2015 - with SLocker accounting for 22 per cent of Android malware threats in the UK in that period . The malware also topped the ransomware charts in Germany and Australia , and Bitdefender claimed that 44 per cent of Android users it asked had already paid out a ransom Attack.Ransom in order to regain access to their devices . The malware continued to cause problems and , in mid-2016 , its attacks Attack.Ransom were estimated to have resulted in tens of millions of dollars in ransoms paid Attack.Ransom . Weeks after the initial wave of attacks , security companies patched Vulnerability-related.PatchVulnerability the issue for their enterprise customers , devices were updated Vulnerability-related.PatchVulnerability and the threat disappeared . That is until now . Mobile security firm Wandera said that its mobile intelligence engine MI : RIAM had detected more than 400 variants of the same malware . It said that these strains were targeting businesses ' mobile fleets through easily accessible third-party app stores and websites where security checks are not as rigorous as they ought to be . According to Wandera , the variants have been redesigned and repackaged to avoid all known detection techniques . `` They utilise a wide variety of disguises including altered icons , package names , resources and executable files in order to evade signature-based detection , '' the company said . Third-party app stores and unknown vendors should be avoided by Android users , while corporate administrators should be wary of SLocker returning and put in place security measures to monitor devices accordingly .

Argentinean security researcher Manuel Caballero has discovered Vulnerability-related.DiscoverVulnerability another vulnerability in Microsoft 's Edge browser that can be exploited Vulnerability-related.DiscoverVulnerability to bypass a security protection feature and steal data such as passwords from other sites , or cookie files that contain sensitive information . The vulnerability is a bypass of Edge 's Same Origin Policy ( SOP ) , a security feature that prevents a website from loading resources and code from other domains except its own . To exploit the flaw , Caballero says that an attacker can use server redirect requests combined with data URIs , which would allow him to confuse Edge 's SOP filter and load unauthorized resources on sensitive domains . The expert explains the attack step by step on his blog . In the end , the attacker will be able to inject a password form on another domain , which the built-in Edge password manager will automatically fill in with the user 's credentials for that domain . Below is a video of the attack . Additionally , an attacker can steal cookies in a similar manner . More demos are available on a page Caballero set up here . Two weeks ago , Caballero found Vulnerability-related.DiscoverVulnerability another SOP bypass in Edge , which an attacker could also exploit to steal cookies and passwords . That particular exploit relied on a combination of data URIs , meta refresh tag , and domainless pages , such as about : blank . Compared to the previous SOP bypass , the technique Caballero disclosed Vulnerability-related.DiscoverVulnerability yesterday has the advantage that it 's faster to execute compared to the first , which required the attacker to log users out of their accounts and re-authenticate them in order to collect their credentials . Caballero has a history of finding Vulnerability-related.DiscoverVulnerability severe bugs in Microsoft browsers . He previously also bypassed the Edge SOP using Edge 's new Reading Mode , showed how you could abuse the SmartScreen security filter for tech support scams , and found a serious JavaScript attack in Internet Explorer 11 ( still unpatched ) . What 's more worrisome is that Microsoft has not patched Vulnerability-related.PatchVulnerability any of the SOP bypass issues the expert discovered Vulnerability-related.DiscoverVulnerability . `` We have 3 SOP bypasses right now , '' Caballero told Bleeping Computer today when asked to confirm the status of the three bugs . This month 's Patch Tuesday , released Vulnerability-related.PatchVulnerability two days ago , patched Vulnerability-related.PatchVulnerability the Edge SmartScreen issue Caballero discovered Vulnerability-related.DiscoverVulnerability last December , but the researcher found a way to bypass Microsoft 's patch within minutes .

The ransomware attack Attack.Ransom targeting global hospitals , governments and telecoms using a leaked National Security Agency ( NSA ) exploit may be the result of a `` targeted attack gone horribly wrong '' , according to a team of well-regarded security researchers . Experts from Recorded Future , a threat intelligence company headquartered in the US , say analysis of the hackers ' bitcoin addresses – set up to receive money from infected computers – indicates the attackers were unprepared for such a widespread incident . `` A part of carefully planned large-scale ransomware attack Attack.Ransom requires a separate bitcoin address for each victim , guaranteeing the miscreant controlling the operation would later be able to identify the payment Attack.Ransom and decrypt the correct system , '' wrote security expert John Wetzel in a blog post . He said in the WannaCry ransomware campaign Attack.Ransom , however , only a `` handful '' of wallets were used . `` Such unusual behaviour suggests the current epidemic was never planned by criminals , and resulted from targeted attacks going horribly wrong , '' he added . At the time of writing , the criminals ' bitcoin wallets have received over $ 40,000 worth of bitcoin , a type of cryptocurrency . All funds remain untouched . The security firm said the inaction is likely due to `` intense scrutiny '' of police and investigators . `` Unintended or not , the scale and scope of damage in this attack is unprecedented . Criminals will utilise any method available in their pursuit of monetary gain . While the gain in this attack was limited , the damage was massive , and possibly avoidable , '' Wetzel noted . Recorded Future is just one of many firms probing the malware – which was exploiting the same Microsoft Windows vulnerability as a leaked NSA exploit called EternalBlue . The bug , patched Vulnerability-related.PatchVulnerability in March 2017 , targeted the SMB ( Server Message Block ) , experts found Vulnerability-related.DiscoverVulnerability . Microsoft has been outspoken on the topic of the NSA storing vulnerabilities for its software . `` Repeatedly , exploits in the hands of governments have leaked into the public domain and caused widespread damage , '' said the firm 's president , Brad Smith , on 14 May . `` We expect to see further attacks from variants of this malware , '' warned Recorded Future , adding : `` The best advice is to update your antivirus on endpoints , to ensure that all Windows systems are fully patched Vulnerability-related.PatchVulnerability , to configure firewalls to block access to SMB and RDP ports . '' On 15 May , as the UK working week was set to begin , fears mounted that a second round of infections could take place . According to Kaspersky Lab 's Costin Raiu , the malware was still in circulation , but appeared to be less widespread than previously predicted . `` Kaspersky Lab has noted about 500 new attempted WannaCry attacks Attack.Ransom across its customer base – by comparison , on 12 May ( Friday ) there were six times as many attempts during the first hour alone . This suggests the infection may be coming under control , '' Raiu said . Security experts , including MalwareTech and Matt Suiche , worked through the weekend ( 13-14 May ) to locate so-called `` kill-switches '' that could curb the spread of the ransomware . At the same , law enforcement around the world launched investigations into the incident .

The 'WannaCrypt ' ransomware has been a worldwide dilemma , impacting many countries . Luckily , the malware only impacts older versions of Microsoft 's operating system -- Windows 10 is not vulnerable . Also immune to WannaCrypt is macOS and Linux distributions . Unfortunately , many people run older versions of Windows , but Microsoft has been very active in issuing Vulnerability-related.PatchVulnerability patches for them -- including for the now-unsupported XP . Patches aside , security software can protect vulnerable computers too . In fact , today , Symantec announces that it has successfully blocked almost 22 million WannaCrypt attacks Attack.Ransom . The company even leveraged machine learning in its fight against the ransomware . The company explains that it , `` blocked nearly 22 million WannaCry infection attempts across 300,000 endpoints , providing full protection for Symantec customers through its advanced exploit protection technology . The WannaCry ransomware attacks Attack.Ransom targeted and affected users in various countries across the globe by encrypting data files on infected computers and demanding Attack.Ransom users pay Attack.Ransom a $ 300USD ransom Attack.Ransom in bitcoin to decrypt their files . The protection of Symantec customers was enabled in part due to the integration of real-time threat intelligence shared across both Symantec Endpoint Protection and the Blue Coat ProxySG , which provided real-time threat awareness across the endpoint , network and cloud . '' Mike Fey , president and chief operating officer at Symantec explains , `` The WannaCry ransomware attack Attack.Ransom is the largest we 've ever seen of its kind and we 're pleased to share that Symantec customers benefited from multiple layers of protection even before it happened , through innovations and new capabilities in our Integrated Cyber Defense Platform . Our proactive network protection and advanced machine learning technologies provided real-time , zero-day , protection for all SEP and Norton customers when WannaCry was released last week . And , our Global Intelligence Network automatically shares WannaCry intelligence between Symantec endpoint , email and Blue Coat network products , providing full protection across all control points , including the cloud . '' While Symantec 's announcement highlights the importance of security software for both home and business users , it should n't distract from the fact that it is also imperative to apply operating system updates in a timely matter . Also important is using supported software . Yes , Microsoft patched Vulnerability-related.PatchVulnerability the unsupported Windows XP , but that OS should really not even be in use anymore .

Data: CASIE

Trigger word: patched

Event Types (Count): Vulnerability-related.PatchVulnerability (64)

Negative Trigger