in March. Ransomware is no longer just a nuisance. Now it's quite literally a matter of life and death. A massive ransomware attack being labeled as "WannaCry" has been reported around the world and is responsible for shutting down hospitals in the United Kingdom and encrypting files at Spanish telecom firm Telefonica. The WannaCry attack is not a zero-day flaw, but rather is based on an exploit that Microsoft patched with its MS17-010 advisory on March 14 in the SMB Server. However, Microsoft did not highlight the SMB flaw until April 14, when a hacker group known as the Shadow Brokers released a set of exploits, allegedly stolen from the U.S. National Security Agency. SMB, or Server Message Block, is a critical protocol used by Windows to enable file and folder sharing. It's also the protocol that today's WannaCry attack is exploiting to rapidly spread from one host to the next around the world, literally at the speed of light. The attack is what is known as a worm, "slithering" from one host to the next on connected networks. Among the first large organizations to be impacted by WannaCry is the National Health Service in the UK, which has publicly confirmed that it was attacked by the Wanna Decryptor. "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors," the NHS stated. "At this stage we do not have any evidence that patient data has been accessed." Security firm Kaspersky Lab reported that by 2:30 p.m. ET May 12 it had already seen more than 45,000 WannaCry attacks in 74 countries.
While the ransomware attack is making use of the SMB vulnerability to spread, the encryption of files is done by the Wanna Decryptor attack that seeks out all files on a victim's network. Once the ransomware has completed encrypting files, victims are presented with a screen demanding a ransom. Initially, the ransom requested was reported to be $300 worth of Bitcoin, according to Kaspersky Lab. "Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted," the ransom note states. "Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service." It's not clear who the original source of the global WannaCry attacks is at this point, or even if it's a single threat actor or multiple actors. What is clear is that despite the fact that a software patch has been available since March for the SMB flaws, WannaCry is hitting tens of thousands of organizations that didn't patch.
As part of Microsoft's monthly Patch Tuesday updates, a critical flaw in Windows has been patched that is actively being exploited. A vulnerability in the VBScript engine allowed for a zero-day exploit to infect machines by opening specially crafted scripts that can corrupt memory, leading to the opportunity for arbitrary code execution. In a web-based attack, specially designed web pages could exploit the same vulnerability when using Internet Explorer. Embedding ActiveX controls that were marked "safe for initialization" inside of a Microsoft Office document also allowed for unsafe code to be executed, since the IE rendering engine is used. One of the more interesting parts of the attack is that it does not matter what a user's default browser is. When using VBScript, it is possible to force a web page to be loaded using Internet Explorer even if Chrome, Firefox, Safari, Opera or another browser is set as the default. This particular vulnerability has been found in use and affects Windows 7 and Windows Server 2008 and newer. Kaspersky Lab has provided a fairly detailed analysis of how the exploit functions. In short, a statement from their security researchers says it all. "We expect this vulnerability to become one of the most exploited in the near future, as it won't be long until exploit kit authors start abusing it in both drive-by (via browser) and spear-phishing (via document) campaigns." In addition to the VBScript flaw discovered and patched, Microsoft has also patched a privilege escalation vulnerability. A failure of the Win32k component allows for arbitrary code to be executed in kernel mode.
This allows a standard user account to obtain full system access, although it should be noted that a user must already be logged in to perform the exploit. In this case, both exploits have been patched, but that does not mean end users and administrators are going to patch their systems in a timely manner. It is advised to manually check for updates to verify that all of the latest patches are installed. In total, 67 updates were issued, solving 21 critically rated vulnerabilities.
A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to seize control of websites, and is only now patched. Larry Cashdollar, a bug-hunter at Akamai, explained late last week how the security shortcoming, designated CVE-2018-9206, allows a miscreant to upload and execute arbitrary code as root on a website that uses the vulnerable code with the Apache web server. This would potentially allow an attacker to, among other things, upload and run a webshell to execute commands on the target machine to steal data, change files, distribute malware, and so on. Cashdollar (real name, he swears) was able to track the flaw down to Sebastian Tschan's open-source jQuery File Upload tool, and got the developer to fix it in version 9.22.1. The flaw stems from a change to the Apache web server, from version 2.3.9 onwards, that disabled support for .htaccess security configuration files, which left projects like jQuery File Upload open to exploitation. Additionally, Cashdollar noted, it is almost certain he was not the first person to come across this simple vulnerability. Demonstration videos on YouTube suggest similar flaws are known to miscreants, and have been targeted in some circles for years. "The internet relies on many security controls every day in order to keep our systems, data, and transactions safe and secure," Cashdollar said.
"If one of these controls suddenly doesn't exist it may put security at risk unknowingly to the users and software developers relying on them." So, it's believed hackers have been quietly exploiting the bug for several years, as the flaw itself is fairly trivial and also eight years old. Now that details of the vulnerability are public, exploit code has been produced, for example, here, and may be handy if you wish to test whether or not your website is vulnerable to CVE-2018-9206. In any case, loads of people now know about it, so that means more miscreants menacing and hijacking vulnerable websites.
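The root cause described above is that, from Apache 2.3.9 on, the default for AllowOverride became None, so a .htaccess file that an upload tool ships inside its files directory is silently ignored. The configuration below is an added illustration, not from the article or from the jQuery File Upload project, and the directory path is assumed; it shows the weak default beside a server-level configuration that protects the upload directory without relying on .htaccess at all.

```apache
# Weak: the Apache 2.3.9+ default. With AllowOverride None, a .htaccess
# that the upload tool places in its files/ directory never takes effect,
# so a rule such as "php_flag engine off" living there is ignored and an
# uploaded .php file is handed to the script engine like any other script.
<Directory "/var/www/html/jquery-file-upload/server/php/files">
    AllowOverride None
</Directory>

# Hardened: express the protection in the server configuration itself,
# where no AllowOverride default can switch it off. (Path is assumed.)
<Directory "/var/www/html/jquery-file-upload/server/php/files">
    AllowOverride None
    Options -ExecCGI -Includes -Indexes

    # Refuse to serve anything with a script-like name from this tree,
    # whatever handler (mod_php, php-fpm proxy, CGI) is configured globally.
    <FilesMatch "(?i)\.(php|phtml|phar|php[3-8]|pl|py|cgi|sh|htaccess)$">
        Require all denied
    </FilesMatch>

    # If mod_php is loaded, also switch the engine off for this directory;
    # php_admin_flag cannot be re-enabled from any lower-level .htaccess.
    <IfModule mod_php7.c>
        php_admin_flag engine off
    </IfModule>

    # Deliver uploads as opaque downloads so an uploaded HTML or SVG file
    # is not rendered in the site's own origin.
    <IfModule mod_headers.c>
        Header set Content-Disposition "attachment"
        Header set X-Content-Type-Options "nosniff"
    </IfModule>
</Directory>
```

After reloading, check the result by uploading a harmless text file named with a .php extension and requesting it: the hardened server answers 403 rather than running it, and `apachectl -t` confirms the syntax.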
Adobe has patched a number of security vulnerabilities in the last scheduled monthly update of this year. All these patches specifically addressed bugs in Adobe Reader and Acrobat. Allegedly, the Adobe December Patch Tuesday update fixed as many as 86 different vulnerabilities, including 38 critical security flaws. This week, Adobe rolled out the last scheduled monthly updates for its products. While the previous month's update included bug fixes in Flash Player, the Adobe December Patch Tuesday update bundle remained focused on Adobe Reader and Acrobat. As many as 38 different critical security bugs received patches with this update. The vulnerabilities include 2 buffer errors, 2 untrusted pointer dereference vulnerabilities, 5 out-of-bounds write vulnerabilities, 3 heap overflow bugs, and 23 use-after-free vulnerabilities. All these vulnerabilities could allegedly lead to arbitrary code execution by a potential attacker. In addition, 3 security bypass vulnerabilities also received fixes with this update. These flaws could allow privilege escalation on the targeted systems. In addition to the above, Adobe also released fixes for 48 important security vulnerabilities. These include 43 out-of-bounds read vulnerabilities, 4 integer overflow bugs, and a single security bypass bug. All these could allegedly result in information disclosure.
As stated in Adobe's advisory, the affected software for Windows includes Acrobat DC and Acrobat Reader DC (continuous track) versions 2019.008.20081 and earlier, Adobe Acrobat 2017 and Acrobat Reader 2017 (Classic 2017 track) versions 2017.011.30106 and earlier, and Acrobat DC and Acrobat Reader DC (Classic 2015 track) versions 2015.006.30457 and earlier. In the case of macOS, the affected programs include Acrobat DC and Acrobat Reader DC (continuous track) versions including and prior to 2019.008.20080, Adobe Acrobat 2017 and Acrobat Reader 2017 (Classic 2017 track) versions 2017.011.30105 and above, and Acrobat DC and Acrobat Reader DC (Classic 2015 track) versions 2015.006.30456 and above. Adobe has patched all 86 vulnerabilities in the recently released versions of the respective software. The patched versions include Acrobat DC and Acrobat Reader DC version 2019.010.20064 (continuous track), Acrobat 2017 and Acrobat Reader DC 2017 (Classic 2017) version 2017.011.30110, and Acrobat DC and Acrobat Reader DC (Classic 2015 track) version 2015.006.30461. Users of both Windows and macOS should therefore make sure to update their systems and download the latest versions of the affected software to stay protected from these vulnerabilities. This month's scheduled update bundle did not address any security flaws in Flash Player. Nonetheless, Adobe had lately already patched a critical Flash vulnerability that had been disclosed to the public.
It's a new month, which means another security patch from Google has been released, and it's currently rolling out to Pixel and select Nexus devices. The September 5, 2018 patch includes fixes for almost 60 vulnerabilities that were found in the AOSP repository. The update also includes in-car Bluetooth performance improvements for Pixel devices. Google resolved 24 problems on September 1, 2018, and patched an additional 35 on September 5, 2018. Before the patch, a remote attacker could execute arbitrary code using a "specially crafted file ... within the context of a privileged process." Fortunately, just like with most issues that are fixed through security patches, Google states that it has not received a single report of an attacker using this vulnerability to harm a customer. In addition to the security fixes, Google has listed some of the improvements this update brings to its handsets: improved battery charge in Retail Mode (Pixel 2, Pixel 2 XL); improved SW version reporting (Pixel, Pixel XL, Pixel 2, Pixel 2 XL); improved audio quality over car speakers (Pixel, Pixel XL, Pixel 2, Pixel 2 XL). If you don't want to wait for the September security patch to make its way to your phone, you can download the latest factory image or OTA file from the links below. From there, you can either flash a fresh build to your phone or sideload the OTA update. And in usual Essential fashion, the company has begun rolling out the September security patch to the Essential Phone within hours of it becoming available for Google's hardware. On top of the fixed vulnerabilities, Essential states that the update includes various audio and accessibility fixes.
Yesterday, Oracle released its quarterly Critical Patch Update (CPU) for Q3 2018, the October edition, in which the company fixed 301 vulnerabilities. Of the 301 flaws, 45 had a severity rating of 9.8 (on a scale of 10) and one even received the maximum 10 rating. Vulnerabilities with severity ratings this high can be exploited remotely, with no authentication, and the exploit chain is accessible even to low-skilled attackers, even those with no in-depth technical knowledge. Oracle's security team will publish more information about each vulnerability in the coming days. This will give companies more time to update affected applications before details about each flaw are generally available to everyone, including the bad guys. For now, little information is known, but the vulnerability that received the 10.0 rating impacts Oracle GoldenGate, a data replication framework that can work with large quantities of information in real time. This issue doesn't impact only standalone GoldenGate installations, but also the numerous other Oracle product setups where GoldenGate can be deployed as an add-in option, such as the Oracle Database Server, DB2, MySQL, Sybase, Teradata, and others. As for vulnerabilities rated 9.8 on the severity scale, these were reported as affecting products such as the Oracle Database Server, Oracle Communications, the Oracle Construction and Engineering Suite, the Oracle Enterprise Manager Products Suite, Oracle Fusion Middleware, Oracle Insurance Applications, Oracle JD Edwards, MySQL, Oracle Retail, the Oracle Siebel CRM, and the Oracle Sun Systems Products Suite.
Despite the staggering number of patched flaws (301), this isn't Oracle's biggest recorded CPU. That title goes to July 2018's CPU, which addressed 334 vulnerabilities, 55 of which had a 9.8 severity rating. This was also Oracle's last CPU for 2018. According to the folks at ERPScan, in 2018 Oracle patched 1119 vulnerabilities, the same number of flaws it patched last year in 2017.
Oracle released its latest Critical Patch Update on July 18, fixing 334 vulnerabilities across the company's product portfolio. The company rated 61 of the vulnerabilities as having critical impact. Among the products patched by Oracle are Oracle Database Server, Oracle Global Lifecycle Management, Oracle Fusion Middleware, Oracle E-Business Suite, Oracle PeopleSoft, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Virtualization, Oracle MySQL and Oracle Sun Systems Products Suite. While there are issues of varying severity in the update, Oracle is blaming third-party components as being the cause of the majority of the critical issues. "It is fair to note that bugs in third-party components make up a disproportionate amount of severe vulnerabilities in this Critical Patch Update," Eric Maurice, director of security assurance at Oracle, wrote in a blog post. "90 percent of the critical vulnerabilities addressed in this Critical Patch Update are for non-Oracle CVEs." Of the 334 issues fixed in the July Critical Patch Update, 37 percent were for third-party components included in Oracle product distributions. While many flaws were from third-party libraries, there were also flaws in Oracle's own development efforts. Oracle's namesake database was patched for three issues, one of which is remotely exploitable without user authentication. Oracle's Financial Services application received the highest total number of patches at 56, with 21 identified as being remotely exploitable without user authentication.
Oracle's Fusion Middleware, on the other hand, got 44 new security fixes, with 38 of them rated as critical. Oracle Enterprise Manager Products were patched for 16 issues, all of which are remotely exploitable without authentication. Looking at flaws in Java, Oracle's July CPU provides eight security fixes, though organizations likely need to be cautious when applying the patches, as certain functionality has been removed. "Several actions taken to fix Java SE vulnerabilities in the July CPU are likely to break the functionality of certain applications," security firm Waratek warned in an advisory. "Application owners who apply binary patches should be extremely cautious and thoroughly test their applications before putting patches into production." The reason the Oracle fixes could break application functionality is that Oracle has decided to remove multiple vulnerable components from its Java Development Kit (JDK). At 334 fixed flaws, the July update is larger than the last Critical Patch Update released on Jan 15, which provided patches for 237 flaws. While the number of patches issued has grown, Matias Mevied, Oracle security researcher at Onapsis, commented that Oracle is working in the right way, fixing the reported vulnerabilities, and is getting faster every year. "Unfortunately, based on our experience, the missing part is that the companies still don't implement the patches as soon as they should," Mevied told eWEEK.
Cisco has issued a critical patch of a patch for a Cisco Prime License Manager SQL fix. Cisco this week said it patched a "critical" patch for its Prime License Manager (PLM) software that would let attackers execute arbitrary SQL queries. The Cisco Prime License Manager offers enterprise-wide management of user-based licensing, including license fulfillment. Released in November, the first version of the Prime License Manager patch caused its own "functional" problems that Cisco was then forced to fix. That patch, called ciscocm.CSCvk30822_v1.0.k3.cop.sgn, addressed the SQL vulnerability but caused backup, upgrade and restore problems, and should no longer be used, Cisco said. Cisco wrote that "customers who have previously installed the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch should upgrade to the ciscocm.CSCvk30822_v2.0.k3.cop.sgn patch to remediate the functional issues. Installing the v2.0 patch will first roll back the v1.0 patch and then install the v2.0 patch." As for the vulnerability that started this process, Cisco says it "is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres [SQL] user." The vulnerability impacts Cisco Prime License Manager Releases 11.0.1 and later.
A Google Project Zero researcher has published a macOS exploit to demonstrate that Apple is exposing its users to security risks by patching serious flaws in iOS but not revealing the fact until it fixes the same bugs in macOS a week later. This happened during Apple's update for critical flaws in iOS 12, tvOS 12 and Safari 12 on September 17. A Wayback Machine snapshot of the original advisory doesn't mention any of the bugs that Project Zero researcher Ivan Fratric had reported to Apple, and which were actually fixed. Then, a week later, after Apple patched the same bugs in macOS, the company updated its original advisory with details about the nine flaws that Fratric had reported, six of which affected Safari. The update fixed a Safari bug that allowed arbitrary code execution on macOS if a vulnerable version of Safari browsed to a website hosting an exploit for the bugs. While Fratric concedes that Apple is probably concealing the fix in iOS to buy time to patch macOS, he argues the end result is that people may ignore an important security update because they weren't properly informed by Apple in the security advisory. "This practice is misleading because customers interested in the Apple security advisories would most likely read them only once, when they are first released, and the impression they would get is that the product updates fix far fewer vulnerabilities and less severe vulnerabilities than is actually the case."
Even worse, a skilled attacker could use the update for iOS to reverse-engineer a patch, develop an exploit for macOS, and then deploy it against a macOS user base that doesn't have a patch. Users also don't know that Apple has released information that could make their systems vulnerable to attack. Fratric developed an exploit for one of the Safari bugs he reported and published the attack on Thursday. The bugs were all found using a publicly available fuzzing tool he developed, called Domato, meaning anyone else, including highly advanced attackers, could use it too. "If a public tool was able to find that many bugs, it is expected that private ones might be even more successful," he noted. He wasn't aiming to write a reliable or sophisticated exploit, but the bug is useful enough for a skilled exploit writer to develop an attack to spread malware and "potentially do a lot of damage even with an unreliable exploit". Fratric said he successfully tested the exploit on Mac OS 10.13.6 High Sierra, build version 17G65. "If you are still using this version, you might want to update," noted Fratric. On the upside, it appears Apple and its Safari WebKit team have improved the security of the browser compared with the results of Fratric's Domato fuzzing efforts last year, which turned up way more bugs in Safari than in Chrome, Internet Explorer, and Edge. Last year he found 17 Safari flaws using the fuzzing tool. His final word of warning is not to discount any of the bugs he found just because no one's seen them being attacked in the wild. "While it is easy to brush away such bugs as something we haven't seen actual attackers use, that doesn't mean it's not happening or that it couldn't happen," the researcher noted.
Overall, the chip giant patched five vulnerabilities across an array of its products. Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs: three rated high-severity, and two medium-severity. The most concerning of these bugs is an escalation-of-privilege glitch in Intel's PROSet/Wireless Wi-Fi software, which is its wireless connection management tool. The vulnerability, CVE-2018-12177, has a "high" CVSS score of 7.8, according to Intel's update. "Intel is releasing software updates to mitigate this potential vulnerability," it said, urging users to update to version 20.90.0.7 or later of the software. The vulnerability, reported by Thomas Hibbert of Insomnia Security, stems from improper directory permissions plaguing the software's ZeroConfig service in versions before 20.90.0.7. The issue could allow an authorized user to potentially enable escalation of privilege via local access. The other high-severity bug exists in the company's System Support Utility for Windows, which offers support for Intel-packed Windows device users. This bug (CVE-2019-0088) is due to insufficient path checking in the support utility, allowing an already-authenticated user to potentially gain escalation of privilege via local access. The vulnerability has a CVSS score of 7.5.
Versions of System Support Utility for Windows before 2.5.0.15 are impacted; Intel recommends users update to version 2.5.0.15 or later. Independent security researcher Alec Blance was credited with discovering the flaw. The chip-maker also patched a high-severity and a medium-severity flaw in its Software Guard Extensions (SGX) platform and software, which help application developers protect select code and data from disclosure or modification. "Multiple potential security vulnerabilities in Intel SGX SDK and Intel SGX Platform Software may allow escalation of privilege or information disclosure," said Intel. The high-severity flaw in SGX (CVE-2018-18098) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges. The vulnerability is rooted in improper file verification in the install routine for Intel's SGX SDK and Platform Software for Windows before 2.2.100. It was discovered by researcher Saif Allah ben Massaoud. Another vulnerability in the platform (CVE-2018-12155) is only medium in severity, but could allow an unprivileged user to cause information disclosure via local access. That's due to data leakage in the cryptographic libraries of the SGX platform's Integrated Performance Primitives, a function that provides developers with building blocks for image and data processing. And finally, a medium escalation-of-privilege vulnerability in Intel's SSD data-center tool for Windows has been patched.
"Improper directory permissions in the installer for the Intel SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access," said Intel's update. The company recommends users update to v3.0.17 or later. Intel's patch comes during a busy Patch Tuesday week, which includes fixes from Adobe and Microsoft.
Overall, the chip giant patched five vulnerabilities across an array of its products. Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. In total, the chip giant fixed five bugs: three rated high-severity and two medium-severity. The most concerning of these bugs is an escalation-of-privilege glitch in Intel's PROset/Wireless Wi-Fi software, which is its wireless connection management tool. The vulnerability, CVE-2018-12177, has a "high" CVSS score of 7.8, according to Intel's update. "Intel is releasing software updates to mitigate this potential vulnerability," it said, urging users to update to version 20.90.0.7 or later of the software. The vulnerability, reported by Thomas Hibbert of Insomnia Security, stems from improper directory permissions in the software's ZeroConfig service in versions before 20.90.0.7. The issue could allow an authorized user to potentially enable escalation of privilege via local access. The other high-severity bug exists in the company's System Support Utility for Windows, which offers support for users of Intel-based Windows devices. This bug (CVE-2019-0088) is due to insufficient path checking in the support utility, allowing an already-authenticated user to potentially gain escalation of privilege via local access. The vulnerability has a CVSS score of 7.5.
Versions of System Support Utility for Windows before 2.5.0.15 are impacted; Intel recommends users update to version 2.5.0.15 or later. Independent security researcher Alec Blance was credited with discovering the flaw. The chip-maker also patched a high-severity and a medium-severity flaw in its Software Guard Extensions (SGX) platform and software, which help application developers protect select code and data from disclosure or modification. "Multiple potential security vulnerabilities in Intel SGX SDK and Intel SGX Platform Software may allow escalation of privilege or information disclosure," said Intel. The high-severity flaw in SGX (CVE-2018-18098) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges. The vulnerability is rooted in improper file verification in the install routine for Intel's SGX SDK and Platform Software for Windows before 2.2.100. It was discovered by researcher Saif Allah ben Massaoud. Another vulnerability in the platform (CVE-2018-12155) is only medium in severity, but could allow an unprivileged user to cause information disclosure via local access. That is due to data leakage in the cryptographic libraries of the SGX platform's Integrated Performance Primitives, a component that provides developers with building blocks for image and data processing. And finally, a medium-severity escalation-of-privilege vulnerability in Intel's SSD data-center tool for Windows has been patched.
"Improper directory permissions in the installer for the Intel SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access," said Intel's update. The company recommends users update to v3.0.17 or later. Intel's patch comes during a busy Patch Tuesday week, which includes fixes from Adobe and Microsoft.
Yesterday, on Microsoft's Patch Tuesday, the company released its monthly security patches, fixing 62 security flaws. These included a fix for a zero-day vulnerability that was under active exploitation before the patches were made available. Microsoft also announced the re-release of Windows 10 version 1809 and Windows Server 2019. Microsoft credited Kaspersky Lab researchers for discovering the zero-day, tracked as CVE-2018-8589, which impacts the Windows Win32k component. A Kaspersky spokesperson told ZDNet, "they discovered the zero-day being exploited by multiple cyber-espionage groups (APTs)." The zero-day had been used to elevate privileges on 32-bit Windows 7 versions. This is the second Windows elevation-of-privilege zero-day discovered by Kaspersky researchers and patched by Microsoft. Last month, Microsoft patched CVE-2018-8453, another zero-day that had been used by a state-backed cyber-espionage group known as FruityArmor. However, in this month's Patch Tuesday, Microsoft has not patched a zero-day affecting the Windows Data Sharing Service (dssvc.dll). This zero-day was disclosed on Twitter at the end of October. According to ZDNet, "Microsoft has published this month a security advisory to instruct users on how to properly configure BitLocker when used together with solid-state drives (SSDs)."
As reported by Microsoft, the Windows 10 October 2018 update caused users' data loss after updating. Due to this, the company decided to pause the update. However, yesterday Microsoft announced that it is re-releasing Windows 10 version 1809. John Cable, director of Program Management for Windows Servicing and Delivery at Microsoft, said "the data-destroying bug that triggered that unprecedented decision, as well as other quality issues that emerged during the unscheduled hiatus, have been thoroughly investigated and resolved." Microsoft also announced the re-release of Windows Server 2019, which was affected by the same issue. According to ZDNet, "The first step in the re-release is to restore the installation files to its Windows 10 Download page so that 'seekers' (the Microsoft term for advanced users who go out of their way to install a new Windows version) can use the ISO files to upgrade PCs running older Windows 10 versions." Michael Fortin, Windows Corporate Vice President, in a blog post offered some context behind the recent issues and announced changes to the way the company approaches communications and transparency around its process. Per Fortin, "We obsess over these metrics as we strive to improve product quality, comparing current quality levels across a variety of metrics to historical trends and digging into any anomaly." To know more about this in detail, visit Microsoft's official blog post.
Microsoft rolled out 60 patches for its Patch Tuesday release, covering 19 critical flaws and 39 important flaws. Microsoft has rolled out its August Patch Tuesday fixes, addressing 19 critical vulnerabilities, including fixes for two zero-day vulnerabilities that are under active attack. Overall, the company patched a total of 60 flaws, spanning Microsoft Windows, Edge, Internet Explorer (IE), Office, .NET Framework, ChakraCore, Exchange Server, Microsoft SQL Server and Visual Studio. Of those, 19 were critical, 39 were rated important, one was moderate and one was rated low in severity. The patch release includes two exploited flaws, CVE-2018-8373 and CVE-2018-8414, which were previously disclosed by researchers. The first zero-day, CVE-2018-8373, could result in remote code execution (RCE) and grants the same privileges as a logged-in user, including administrative rights. The vulnerability exists in IE 9, 10 and 11, impacting all Windows operating systems from Server 2008 to Windows 10. Meanwhile, CVE-2018-8414 also enables RCE with the privileges of the logged-in user, and exists on Windows 10 versions 1703 and newer, as well as Server 1709 and Server 1803. "The two zero-day vulnerabilities are … publicly disclosed and exploited," said Chris Goettl, director of product management, security, for Ivanti, in an email. "CVE-2018-8373 is a vulnerability that exists in the way that the scripting engine handles objects in memory in Internet Explorer.
The CVE-2018-8414 code-execution vulnerability exists when the Windows Shell does not properly validate file paths." Microsoft also issued fixes for security issues that don't impact Windows, but that the company thought were important enough to package into its OS updates, dubbed advisories. Microsoft's Patch Tuesday comes after the company found itself in hot water last month, after its new update model caused stability issues for Windows operating systems and applications, particularly in July. The model irked customers so much that enterprise patching veteran Susan Bradley wrote an open letter to Microsoft executives expressing the "dissatisfaction your customers have with the updates released for Windows desktops and servers in recent months."
Sensitive information related to the United States Air Force has been found exposed publicly on the internet, allowing anyone with a web connection to peruse it without authorisation and with no need for a password. The discovery was made by security researchers at MacKeeper, who said they had found gigabytes of files on an internet-connected backup drive that was not password-protected: "The most shocking document was a spreadsheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims. One example is an investigation into a Major General who is accused of accepting $50k a year from a sports commission that was supposedly funneled into the National Guard." As ZDNet reports, the names and addresses, ranks, and social security numbers of more than 4,000 US Air Force officers were included in the stash of personal information. Further documents included phone numbers and contact information for workers and their spouses. Clearly some of the details exposed through the security lapse would be of value to foreign intelligence agencies and criminal gangs, and could lead to blackmail attempts or identity theft. What we don't know is how long the information has been accessible online, and we also do not know whether anyone other than the security researchers had stumbled across the exposed information. But the truth of the matter is that we shouldn't ever have to find ourselves in a position to ask such questions. Whenever you decide to store information on the internet, particularly sensitive data, you should be doing your utmost to ensure that you have minimised the risk of it falling into the wrong hands.
That means always keeping your computer patched and running up-to-date anti-virus, using encryption, enabling passwords and ensuring that the password chosen is a strong one, turning on additional authentication checks such as two-step verification, and restricting the range of trusted IP addresses from which users can log in.
Several developments this week recentered the security spotlight on some of the enterprise's most critical business systems, as cybersecurity experts deal with the reality that enterprise resource planning (ERP) software needs heightened attention. On the vulnerability front, SAP this week patched a new, highly critical vulnerability in SAP HANA with one of the highest severity ratings available. Meanwhile, a new survey report shows that security professionals are finally waking up to the fact that attackers are looking to leverage vulnerabilities like these, with respondents expecting increased ERP attacks in the near future. SAP HANA is an in-memory data platform used by enterprises to crunch data from across their business software stacks. Organizations use it to perform advanced analytics that inform critical business processes and fuel innovative applications, and as such it contains some of the most sensitive data pertaining to customers, business processes and intellectual property. The major vulnerability was discovered by ERP security firm Onapsis in SAP HANA's User Self-Service component and scored a CVSS rating of 9.8, garnering a Hot News designation in this month's SAP Security Notes. If exploited, it would allow full remote compromise without access to any credentials. "This level of access would allow an attacker to perform any action over the business information and processes supported by HANA, including creating, stealing, altering, and/or deleting sensitive information," says Sebastian Bortnik, head of research for Onapsis. SAP patched the problem in this month's round of SAP Security Notes, which included 35 vulnerabilities across its portfolio. Among them were eight vulnerabilities with a high priority rating.
Last year, the threats posed by these vulnerabilities tipped over from the theoretical realm to one of documented reality when US-CERT released a report that warned of at least 36 organizations worldwide impacted by attacks that leveraged a vulnerability in SAP's Invoker Servlet functionality running on SAP Java platforms. This week, a new report from Crowd Research Partners found that 89% of security experts anticipate more attacks against ERP systems. Approximately 1 in 3 experts expect a significant increase in these attacks. As things stand, most enterprises are still dreadfully unprepared for any attacks, let alone an increased volume of them. A report last year from the Ponemon Institute showed that more than half of enterprises admit it would take their firm a year or longer to detect a breach in the SAP platform.
It's safe to say that 2016 was the year of ransomware. More specifically, the year of crypto-ransomware, the nefarious variant that encrypts files and holds them captive until a ransom is paid. Since the release of Cryptolocker in late 2013, crypto-ransomware has exploded, and 2016 was a banner year. As a matter of fact, according to the FBI, cyber criminals used ransomware to steal more than $209 million from U.S. businesses in just the first quarter of 2016. And according to a recent report from Kaspersky Labs, from January to September of 2016, ransomware attacks targeting companies increased by a whopping 300 percent. With threat actors realizing ransomware's lucrative potential, they bombarded the industry with new attacks in 2016. This variant hit the wild in early 2016, infecting systems using AES encryption. It not only infects mapped file shares, but any networked share, so remote drives are at risk. This attack was so potent that experts estimate it infected more than 100,000 victims per day at its peak. More recently, hackers went after the beloved San Francisco Municipal Transport Agency (MUNI). If you were in the area in late November, you may have gotten the message "You Hacked" at public transit ticket kiosks. The city's light rail was hit by ransomware that forced it to offer free rides for two days while it recovered the files. Or what about Popcorn, the ingenious little in-development ransomware variant in December that turned victims into attackers by incentivizing them with a pyramid-scheme-style discount: send the infection to two of your friends, and you get your files back for free. Ransomware perhaps hit healthcare the hardest in 2016, with some reports claiming 88 percent of all ransomware affected hospitals.
Whether large or small, no provider could hide from hackers looking to nab and encrypt patient data, disrupting care until the provider paid up or recovered files. The New Jersey Spine Center and Marin Healthcare District were attacked by Cryptowall, which encrypted electronic health records, backup files and the phone system. MedStar, which operates 10 hospitals in the D.C. and Baltimore area, was forced to shut down its entire IT system and revert to paper records. And the list goes on and on with names like California's Hollywood Presbyterian Medical Center, the University of Southern California's Keck and Norris Hospital, Kansas Heart Hospital, Alvarado Medical Center, King's Daughters' Health, Chino Valley Medical Center and Desert Valley Hospital, and more. Criminals have obviously realized the awesome money-making potential of ransomware, and you should expect them to double down in 2017. That said, how can they make an already effective threat even more widespread? Every year I try to predict changes and evolutions to the threat and security landscape. In this year's predictions, I forecast that you'll see the first ever wide-spread ransomworm. This new variant will dramatically accelerate the spread of ransomware. Years ago, network worms like CodeRed, SQL Slammer and, more recently, Conficker were pretty common. As you probably know, a worm is a type of malware that automatically spreads itself over a network, using either legitimate network file-sharing features or network software vulnerabilities. In the past, the fastest-spreading worms, like the examples mentioned above, exploited network software flaws to automatically propagate through networks (whether the Internet or just your internal network). Although we haven't seen many wildly successful network worms lately, they're still a threat.
All it takes is for one black hat to find a new zero-day networking software flaw, and a wide-spread ransomworm becomes a real possibility. In fact, attackers may not even need a new networking flaw to create a successful ransomworm. By stealing a computer's local credentials, attackers can use normal Windows networking, or tools like PowerShell, to spread through an internal Windows network without leveraging any vulnerability at all. Now, imagine ransomware attached to such a network worm. After infecting one victim, it could tirelessly copy itself to every computer it could reach on your local network. Whether or not you want to imagine such a scenario, criminals have already added network-scanning capabilities to some ransomware variants, and there's a high likelihood they will more aggressively merge ransomware and worm capabilities next year. In 2017, I suspect you'll see a ransomworm that automatically spreads very quickly and successfully, at least on local networks, if not the Internet. Since falling victim to ransomware can be a costly and time-consuming affair, how can you prepare to combat these evolving threats?
Backup: Sure, I know most people just want to prevent ransomware, but you'll never have 100 percent assurance of that in information security. Backing up your data is an important part of security for reasons far beyond just recovering from a ransomware attack. If you don't already back up your important data, ransomware is the best reason yet to do so.
Patch your software: There are many ways ransomware might get onto your systems, including users manually doing foolish things. However, in order to forcefully or automatically install malware on your system, attackers must exploit software flaws. That said, vendors have already fixed a huge percentage of the vulnerabilities hackers use to spread malware. If you simply keep your patches up to date, you won't succumb to many of these forced or automated attacks, which could even help against ransomworms, assuming the network flaw they use has also been patched.
Implement Killchain Defense: You won't find one security technology that can protect you from 100 percent of ransomware by itself. However, there are many security controls that help protect you from various stages of a ransomware attack. For instance, Intrusion Prevention Systems (IPS) can prevent some of the exploits criminals use to spread ransomware. Anti-virus can catch some of the most common ransomware variants, and more modern advanced threat protection solutions can even identify and block new zero-day ransomware samples. However, none of these defenses is foolproof alone. The best way to protect your computer or organization is to combine all of them. Unified Threat Management (UTM) solutions often offer the easiest option for placing all these protections under one pane of glass.
Ransomware scammers have been exploiting a flaw in Apple's Mobile Safari browser in a campaign to extort fees from uninformed users. The scammers particularly target those who viewed porn or other controversial content. Apple patched the vulnerability on Monday with the release of iOS version 10.3. The flaw involved the way that Safari displayed JavaScript pop-up windows. In fact, recovering from the pop-up loop was as easy as going into the device settings and clearing the browser cache. This simple fix was possibly lost on some uninformed targets who were too uncomfortable to ask for outside help. "The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk," Lookout researchers Andrew Blaich and Jeremy Richards wrote in Monday's post. The user provided the screenshot shown above, which attempts to instill fear with the claim the device was being locked "for illegal pornography." Below those words was a pop-up window that said "Cannot Open Page." Each time the person clicked on the accompanying OK button, a new window would open again. The JavaScript used in the attack shows signs of being used to exploit the same Safari flaw present in iOS version 8, which was released in 2014. The attackers, the Lookout researchers said, purchased a large number of domains in an attempt to "catch users that are seeking controversial content on the internet and coerce them into paying a ransom to them." Sites tailored the messages they delivered based on country identifiers. The campaign in many respects resembles one that hit Android users in 2014. That one demanded a $300 ransom paid in the form of mechanisms such as Paysafecard or uKash.
A broad array of Android phones are vulnerable to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover, a researcher has demonstrated. The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday's release of iOS 10.3.1. "An attacker within range may be able to execute arbitrary code on the Wi-Fi chip," Apple's accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P "by Wi-Fi proximity alone, requiring no user interaction." Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn't respond to an e-mail seeking comment for this post. The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom's wireless system-on-chip to overflow its stack.

By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini's code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point. Besides the specific stack overflow bugs exploited by the proof-of-concept attack, Beniamini said a lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target. "We've seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security," he wrote. "Specifically, it lacks all basic exploit mitigations, including stack cookies, safe unlinking and access permission protection (by means of [a memory protection unit])." The Broadcom chipset contains an MPU, but the researcher found that it's implemented in a way that effectively makes all memory readable, writeable, and executable. "We can conveniently execute our code directly from the heap." He said that Broadcom has informed him that newer versions of the chipset implement the MPU more effectively and also add unspecified additional security mechanisms. Given the severity of the vulnerability, people with affected devices should install a patch as soon as it's available. For those with vulnerable iPhones, that's easy enough. As is all too often the case for Android users, there's no easy way to get a fix immediately, if at all.

That's because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it. At the moment, it's not clear if there are effective workarounds available for vulnerable devices. Turning off Wi-Fi is one possibility, but as revealed in recent research into an unrelated Wi-Fi-related weakness involving Android phones, devices often relay Wi-Fi frames even when Wi-Fi is turned off.
Six months of relative quiet around exploit kits recently changed when a public proof-of-concept attack disclosed by a Texas startup was integrated into the Sundown Exploit Kit. The proof-of-concept exploit was developed by Theori, a research and development firm in Austin, which opened its doors last spring. The PoC targets two vulnerabilities, CVE-2016-7200 and CVE-2016-7201, in Microsoft Edge that were patched in November in MS16-129 and privately disclosed to Microsoft by Google Project Zero researcher Natalie Silvanovich. French researcher Kafeine said on Saturday that he had spotted weaponized versions of the Theori exploits in Sundown two days after they were made public. The payload is most likely the Zloader DLL injector, but Sundown has also moved other malware in the past, including banking Trojans such as Zeus Panda and Dreambot, and even Bitcoin mining software. Kafeine said this is the first significant exploit kit activity he's seen in six months. This is the second time a Theori proof-of-concept exploit has ended up in an exploit kit, Kafeine said, harkening back to CVE-2016-0189, which was patched in May by Microsoft and yet eventually found its way into Neutrino, RIG, Sundown and Magnitude. Kafeine said he expects other exploit kits to quickly integrate this attack as well, but activity could be slowed by the Christmas and New Year holidays in the West, and the recently concluded Russian holiday season. A request for comment from researchers at Theori was not returned in time for publication. In the Readme for the exploits posted to GitHub, Theori said its PoC was tested on the latest version of Edge running on Windows 10.

The vulnerabilities are in the Chakra JavaScript engine developed by Microsoft for Internet Explorer 9. The Theori exploits trigger information leak and type confusion vulnerabilities in the browser, leading to remote code execution. The bugs were patched Nov. 8 by Microsoft in a cumulative update for the Edge browser; Microsoft characterized them as memory corruption flaws and rated them both critical for Windows clients and moderate for Windows servers. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the Edge rendering engine. The integration of new exploits, however, has slowed significantly since the erasure of Angler and other popular kits from the underground. Angler's disappearance coincided with the June arrests of 50 people in Russia allegedly connected to the development and distribution of the Lurk Trojan. Researchers at Kaspersky Lab who investigated the infrastructure supporting Lurk said there was little doubt that the criminals behind Lurk were also responsible for Angler's constant development and profit-making. Since the end of the summer, however, exploit kit development has all but ended while attackers have returned to large-scale spamming campaigns and a resurgence of macro malware to move attacks along. "Regarding the why, I don't know for sure," Kafeine said. "Either it's harder to code those, [or] those who were providing fully working exploits (for Angler for instance) are not anymore into this. I think [exploit kits] have not been so far behind in years."

Microsoft patched this on Nov 8th, but the huge problem is that whenever you buy a new computer, it doesn't come with that patch... You have to run the updates once you set up the new computer. And from what I have been finding over the last 6 months is that the moment you open a brand new laptop with Windows 10 and start to try to update it, the vulnerability is wide open for attack. The WORST part is that if you are a regular person not knowing anything about security, and you set up Windows 10 with the "express settings", the computer is set up to connect to any open wifi hotspot and Bluetooth devices! So if you live in NYC or any heavily populated area, or your home wifi is already infected by the Mirai botnet, you are screwed instantly... I have proof that it is happening to everyone and no one knows it. The internet is going to implode within the next 3-4 months and the government will have to shut it down.
To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google's security researchers, for example, give vendors just 90 days' warning before publishing flaws they find. Microsoft Corp (MSFT.O) declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries. Those conclusions and other details emerged from interviews with researchers at cyber security firms who studied the events and analyzed versions of the attack code. Microsoft confirmed the sequence of events. The tale began last July, when Ryan Hanson, a 2010 Idaho State University graduate and consultant at boutique security firm Optiv Inc in Boise, found a weakness in the way that Microsoft Word processes documents from another format. That allowed him to insert a link to a malicious program that would take control of a computer.

The company often pays a modest bounty of a few thousand dollars for the identification of security risks. Soon after that point six months ago, Microsoft could have fixed the problem, the company acknowledged. But it was not that simple. A quick change in the settings on Word by customers would do the trick, but if Microsoft notified customers about the bug and the recommended changes, it would also be telling hackers how to break in. Alternatively, Microsoft could have created a patch that would be distributed as part of its monthly software updates. But the company did not patch immediately and instead dug deeper. It was not aware that anyone was using Hanson's method, and it wanted to be sure it had a comprehensive solution. "We performed an investigation to identify other potentially similar methods and ensure that our fix addresses [sic] more than just the issue reported," Microsoft said through a spokesman, who answered emailed questions on the condition of anonymity. "This was a complex investigation." Hanson declined interview requests. The saga shows that Microsoft's progress on security issues, as well as that of the software industry as a whole, remains uneven in an era when the stakes are growing dramatically. Finally, on Tuesday, about six months after hearing from Hanson, Microsoft made the patch available. As always, some computer owners are lagging behind and have not installed it.

Ben-Gurion University employees in Israel were hacked, after the patch, by attackers linked to Iran who took over their email accounts and sent infected documents to their contacts at technology companies and medical professionals, said Michael Gorelik, vice president of cyber security firm Morphisec. When Microsoft patched, it thanked Hanson, a FireEye researcher and its own staff. A six-month delay is bad but not unheard of, said Marten Mickos, chief executive of HackerOne, which coordinates patching efforts between researchers and vendors. "Normal fixing times are a matter of weeks," Mickos said. Privately held Optiv said through a spokeswoman that it usually gives vendors 45 days to make fixes before publishing research when appropriate, and that it "materially followed" that practice in this case. If the patching took time, others who learned of the flaw moved quickly. On the final weekend before the patch, the criminals could have sold it along to the Dridex hackers, or the original makers could have cashed in a third time, Hultquist said, effectively staging a last clearance sale before it lost peak effectiveness. It is unclear how many people were ultimately infected or how much money was stolen.
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user's password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of WordPress, including the latest, 4.7.4, are vulnerable, the researcher said. The vulnerability (CVE-2017-8295) happens because WordPress uses what Golunski calls untrusted data by default when it creates a password reset email. In a proof-of-concept writeup, Golunski points out that WordPress uses a variable, SERVER_NAME, to get the hostname to create a From/Return-Path header for the password reset email. Since that variable, by its nature, can be customized, an attacker could insert a domain of his choosing and make it so an outgoing email could be sent to a malicious address, the researcher says. The attacker would then receive the reset email and be able to change the account password and take over. "Depending on the configuration of the mail server, it may result in an email that gets sent to the victim WordPress user with such malicious From/Return-Path address set in the email headers," Golunski wrote. "This could possibly allow the attacker to intercept the email containing the password reset link in some cases requiring user interaction as well as without user interaction." Golunski writes that there are three scenarios in which a user could be tricked, and only one of them relies on user interaction. In one, an attacker could perform a denial of service attack on the victim's email account in order to prevent the password reset email from reaching the victim's account. Instead, it could bounce back to the malicious sender address, pointed at the attacker.

Second, Golunski says some auto-responders may attach a copy of the email sent in the body of the auto-replied message. Third, by sending multiple password reset emails, he says the attacker could trigger the victim to ask for an explanation in a reply, which could contain the malicious password link. Golunski said he reported the issue to WordPress's security team multiple times, initially more than 10 months ago in July 2016. The researcher told Threatpost that WordPress never outright rejected his claim (he says WordPress told him it was working on the issue) but acknowledged that too much time has passed without a clear resolution, something which prompted him to release details on the bug on Wednesday. Campbell said that it's possible WordPress will patch the issue, even if just for poorly configured servers, but acknowledged he didn't have a timetable for the fix. Concerned WordPress users should follow a public ticket that was started for the issue last July, Campbell added. While there's no official fix available yet, Golunski says users can enable the UseCanonicalName setting on Apache to enforce a static SERVER_NAME value to ensure it doesn't get modified. Golunski has had his hands full finding vulnerabilities related to PHP-based email platforms. He discovered a remote code execution bug in SquirrelMail in January that was disclosed and quickly patched last month, and similar RCE bugs in PHPMailer and SwiftMailer, libraries used to send emails via PHP, at the end of 2016.
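To make the SERVER_NAME failure mode concrete, here is an added Python model (not WordPress's or Golunski's code) of a reset-mail builder that derives its sender from the request's Host header, beside a hardened form that only accepts an allow-listed host and otherwise falls back to the configured canonical name. The hostnames, function names and header dictionaries are constructed for this example.

```python
import re

# Constructed configuration for this example. On Apache, UseCanonicalName On
# pins SERVER_NAME to the configured ServerName in the same way.
CANONICAL_HOST = "blog.example.com"
ALLOWED_HOSTS = {"blog.example.com", "www.blog.example.com"}

# Plausible DNS hostname: labels of letters, digits and hyphens, joined by dots.
_HOST_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*$"
)


def normalize_host(raw):
    """Lower-case a Host header value and drop any :port suffix.

    Returns None when the value is empty or not a plausible hostname, so the
    caller cannot accidentally treat garbage as a trusted name.
    """
    host = (raw or "").strip().lower().split(":", 1)[0]
    return host if _HOST_RE.match(host) else None


def server_name(request_headers, use_canonical_name):
    """Model of how the web server populates SERVER_NAME for the application.

    With the equivalent of UseCanonicalName On the configured name is used;
    otherwise SERVER_NAME simply echoes the client-supplied Host header.
    """
    if use_canonical_name:
        return CANONICAL_HOST
    return request_headers.get("Host", CANONICAL_HOST)


def reset_mail_headers_vulnerable(request_headers, to_addr):
    """Vulnerable pattern: sender addresses built from an unvalidated SERVER_NAME.

    A bounce, auto-reply or quoted reply then goes to whatever domain the
    requester put in the Host header, which is the mechanism described above.
    """
    domain = server_name(request_headers, use_canonical_name=False)
    sender = "wordpress@" + domain
    return {"To": to_addr, "From": sender, "Return-Path": sender}


def reset_mail_headers_hardened(request_headers, to_addr):
    """Hardened form: only an allow-listed host may appear in sender addresses."""
    host = normalize_host(request_headers.get("Host"))
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST  # untrusted or missing Host: use the configured name
    sender = "wordpress@" + host
    return {"To": to_addr, "From": sender, "Return-Path": sender}


def bounce_destination(headers):
    """Domain that receives a bounce or auto-reply for this mail (Return-Path)."""
    return headers["Return-Path"].split("@", 1)[1]


if __name__ == "__main__":
    # Constructed request: a reset request arriving with a requester-chosen Host.
    spoofed = {"Host": "attacker.example"}
    victim = "victim@blog.example.com"
    print("vulnerable:", bounce_destination(reset_mail_headers_vulnerable(spoofed, victim)))
    print("hardened:  ", bounce_destination(reset_mail_headers_hardened(spoofed, victim)))
```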
A ransomware threat called SLocker, which accounted for one-fifth of Android malware attacks in 2015, is back with a vengeance, according to security firm Wandera. SLocker encrypts images, documents and videos on Android devices and demands a ransom to decrypt the files. Once the malware is executed, it runs in the background of a user's device without their knowledge or consent. Once it has encrypted files on the phone, the malware hijacks the device, blocking the user's access, and attempts to intimidate them into paying a ransom to unlock it. Last year, security company Bitdefender said that ransomware was the largest malware risk to Android users in the second half of 2015, with SLocker accounting for 22 per cent of Android malware threats in the UK in that period. The malware also topped the ransomware charts in Germany and Australia, and Bitdefender claimed that 44 per cent of Android users it asked had already paid out a ransom in order to regain access to their devices. The malware continued to cause problems and, in mid-2016, its attacks were estimated to have resulted in tens of millions of dollars in ransoms paid. Weeks after the initial wave of attacks, security companies patched the issue for their enterprise customers, devices were updated and the threat disappeared. That is, until now. Mobile security firm Wandera said that its mobile intelligence engine MI:RIAM had detected more than 400 variants of the same malware. It said that these strains were targeting businesses' mobile fleets through easily accessible third-party app stores and websites where security checks are not as rigorous as they ought to be. According to Wandera, the variants have been redesigned and repackaged to avoid all known detection techniques.

"They utilise a wide variety of disguises including altered icons, package names, resources and executable files in order to evade signature-based detection," the company said. Third-party app stores and unknown vendors should be avoided by Android users, while corporate administrators should be wary of SLocker returning and put in place security measures to monitor devices accordingly.
Argentinean security researcher Manuel Caballero has discovered another vulnerability in Microsoft's Edge browser that can be exploited to bypass a security protection feature and steal data such as passwords from other sites, or cookie files that contain sensitive information. The vulnerability is a bypass of Edge's Same Origin Policy (SOP), a security feature that prevents a website from loading resources and code from other domains except its own. To exploit the flaw, Caballero says that an attacker can use server redirect requests combined with data URIs, which would allow him to confuse Edge's SOP filter and load unauthorized resources on sensitive domains. The expert explains the attack step by step on his blog. In the end, the attacker will be able to inject a password form on another domain, which the built-in Edge password manager will automatically fill in with the user's credentials for that domain. Below is a video of the attack. Additionally, an attacker can steal cookies in a similar manner. More demos are available on a page Caballero set up here. Two weeks ago, Caballero found another SOP bypass in Edge, which an attacker could also exploit to steal cookies and passwords. That particular exploit relied on a combination of data URIs, the meta refresh tag, and domainless pages, such as about:blank. Compared to the previous SOP bypass, the technique Caballero disclosed yesterday has the advantage that it's faster to execute than the first, which required the attacker to log users out of their accounts and re-authenticate them in order to collect their credentials. Caballero has a history of finding severe bugs in Microsoft browsers.

He previously also bypassed the Edge SOP using Edge's new Reading Mode, showed how you could abuse the SmartScreen security filter for tech support scams, and found a serious JavaScript attack in Internet Explorer 11 (still unpatched). What's more worrisome is that Microsoft has not patched any of the SOP bypass issues the expert discovered. "We have 3 SOP bypasses right now," Caballero told Bleeping Computer today when asked to confirm the status of the three bugs. This month's Patch Tuesday, released two days ago, patched the Edge SmartScreen issue Caballero discovered last December, but the researcher found a way to bypass Microsoft's patch within minutes.
The ransomware attack targeting global hospitals, governments and telecoms using a leaked National Security Agency (NSA) exploit may be the result of a "targeted attack gone horribly wrong", according to a team of well-regarded security researchers. Experts from Recorded Future, a threat intelligence company headquartered in the US, say analysis of the hackers' bitcoin addresses, set up to receive money from infected computers, indicates the attackers were unprepared for such a widespread incident. "A part of a carefully planned large-scale ransomware attack requires a separate bitcoin address for each victim, guaranteeing the miscreant controlling the operation would later be able to identify the payment and decrypt the correct system," wrote security expert John Wetzel in a blog post. He said in the WannaCry ransomware campaign, however, only a "handful" of wallets were used. "Such unusual behaviour suggests the current epidemic was never planned by criminals, and resulted from targeted attacks going horribly wrong," he added. At the time of writing, the criminals' bitcoin wallets have received over $40,000 worth of bitcoin, a type of cryptocurrency. All funds remain untouched. The security firm said the inaction is likely due to "intense scrutiny" from police and investigators. "Unintended or not, the scale and scope of damage in this attack is unprecedented. Criminals will utilise any method available in their pursuit of monetary gain. While the gain in this attack was limited, the damage was massive, and possibly avoidable," Wetzel noted. Recorded Future is just one of many firms probing the malware, which was exploiting the same Microsoft Windows vulnerability as a leaked NSA exploit called EternalBlue.

The bug, patched in March 2017, targeted SMB (Server Message Block), experts found. Microsoft has been outspoken on the topic of the NSA storing vulnerabilities for its software. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," said the firm's president, Brad Smith, on 14 May. "We expect to see further attacks from variants of this malware," warned Recorded Future, adding: "The best advice is to update your antivirus on endpoints, to ensure that all Windows systems are fully patched, and to configure firewalls to block access to SMB and RDP ports." On 15 May, as the UK working week was set to begin, fears mounted that a second round of infections could take place. According to Kaspersky Lab's Costin Raiu, the malware was still in circulation, but appeared to be less widespread than previously predicted. "Kaspersky Lab has noted about 500 new attempted WannaCry attacks across its customer base; by comparison, on 12 May (Friday) there were six times as many attempts during the first hour alone. This suggests the infection may be coming under control," Raiu said. Security experts, including MalwareTech and Matt Suiche, worked through the weekend (13-14 May) to locate so-called "kill-switches" that could curb the spread of the ransomware. At the same time, law enforcement around the world launched investigations into the incident.
The 'WannaCrypt' ransomware has been a worldwide dilemma, impacting many countries. Luckily, the malware only impacts older versions of Microsoft's operating system; Windows 10 is not vulnerable. Also immune to WannaCrypt are macOS and Linux distributions. Unfortunately, many people run older versions of Windows, but Microsoft has been very active in issuing patches for them, including for the now-unsupported XP. Patches aside, security software can protect vulnerable computers too. In fact, today, Symantec announces that it has successfully blocked almost 22 million WannaCrypt attacks. The company even leveraged machine learning in its fight against the ransomware. The company explains that it "blocked nearly 22 million WannaCry infection attempts across 300,000 endpoints, providing full protection for Symantec customers through its advanced exploit protection technology. The WannaCry ransomware attacks targeted and affected users in various countries across the globe by encrypting data files on infected computers and demanding users pay a $300 USD ransom in bitcoin to decrypt their files. The protection of Symantec customers was enabled in part due to the integration of real-time threat intelligence shared across both Symantec Endpoint Protection and the Blue Coat ProxySG, which provided real-time threat awareness across the endpoint, network and cloud." Mike Fey, president and chief operating officer at Symantec, explains, "The WannaCry ransomware attack is the largest we've ever seen of its kind and we're pleased to share that Symantec customers benefited from multiple layers of protection even before it happened, through innovations and new capabilities in our Integrated Cyber Defense Platform.

Our proactive network protection and advanced machine learning technologies provided real-time, zero-day protection for all SEP and Norton customers when WannaCry was released last week. And, our Global Intelligence Network automatically shares WannaCry intelligence between Symantec endpoint, email and Blue Coat network products, providing full protection across all control points, including the cloud." While Symantec's announcement highlights the importance of security software for both home and business users, it shouldn't distract from the fact that it is also imperative to apply operating system updates in a timely manner. Also important is using supported software. Yes, Microsoft patched the unsupported Windows XP, but that OS should really not even be in use anymore.