Situation An existing critical vulnerability in Windows has seen an increase in exploitation by an attack known as BlueKeep (CVE-2019-0708). Problem The BlueKeep vulnerability is a high severity wormable security flaw in Microsoft’s Remote Desktop Services. The BlueKeep vulnerability was recently seen being exploited to install ransomware in systems in Spain. Implication The BlueKeep vulnerability affects a large number of Windows operating systems, from Windows 2000 all the way up to Windows… Read More
Security Advisory: Cisco Patching Critical Vulnerability in Aironet Access
Situation Cisco has released a patch to update Aironet Access Point software for their wireless controllers and access points. The patch addresses a vulnerability caused by insufficient access control for certain URLs on an affected device. This could result in denial of service, remote reset of end devices, modification of the SSID wireless ID information, and viewing of sensitive information on the network. Problem Unpatched Cisco Aironet controllers and… Read More
Security Advisory: Three Critical Remote Code Execution Vulnerabilities Found in Android Media Framework
Situation Three critical Remote Code Execution vulnerabilities (CVE-2019-2184, CVE-2019-2185, CVE-2019-2186) were found in the Android Media Framework. Problem These vulnerabilities affect a large number of Android models and versions, specifically ones with a Qualcomm chip. Models include LG, Samsung, Google, Huawei, and Xiaomi. Versions include 7.1.1, 7.1.2, 8.0, 8.1, and 9. Implication Remote attackers could use a specially crafted file to execute code, which could lead to the attacker installing malicious apps… Read More
Security Advisory: Critical Vulnerabilities Found in Internet Explorer and Microsoft Defender
Situation Microsoft has issued an out-of-band security patch to address critical vulnerabilities in Internet Explorer and Microsoft Defender. Problem The security patch addresses two vulnerabilities: 1. An Internet Explorer remote code execution vulnerability exists in the way that the scripting engine handles objects in memory. 2. A Microsoft Defender denial of service vulnerability caused by improperly handling files. The vulnerabilities affect Windows 10, 8.1, 7, Windows Server 2019, 2016, 2012, 2012 R2, 2008,… Read More
Security Advisory: Vulnerability in Samba 4.9.0 through 4.10.7
Situation A vulnerability (CVE-2019-10197) was found in Samba versions 4.9.0 through 4.10.7 that could allow for unintended access, addition, and/or modification to files over the network. Problem The vulnerability is a flaw in the Samba SMB server, which does not properly prevent clients from escaping outside the share root directory. Implication An attacker could use this vulnerability to gain access to files outside of the Samba share, which could lead to… Read More
Security Advisory: Critical vulnerabilities found in Cisco’s Integrated Management Controller (IMC) Supervisor
Situation Critical vulnerabilities have been found in Cisco’s Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. Problem Four critical vulnerabilities have been found impacting UCS Director, and UCS Director Express for Big Data. Three of the vulnerabilities impact IMC Supervisor. The vulnerabilities and what devices they impact: Two authentication bypass vulnerabilities affecting IMC Supervisor, UCS Director, and UCS Director Express for… Read More
Security Advisories: Ransomware eCh0raix Targeting NAS Machines and Phishing Kit Targets Amazon Prime Day Shoppers
Ransomware eCh0raix Targeting NAS Machines Situation A new ransomware called eCh0raix is targeting NAS (network attached storage) machines produced by the vendor QNAP Systems. The eCh0raix ransomware uses brute-force attacks to infect QNAP NAS systems. Problem The eCh0raix ransomware is specifically targeting unpatched QNAP NAS systems. If eCh0raix successfully infects a system, it can decrypt files stored on QNAP NAS systems. eCh0raix will then deliver the ransomware by maliciously encrypting… Read More
Security Advisory: Vulnerability Found on Linux Exim Mail Transport Agent
Situation A critical vulnerability was found in the Linux Exim mail transport agent (MTA), versions 4.87 to 4.91. Problem The vulnerability in Exim allows improper validation of the recipient address, which may lead to remote command execution. Implication Successful exploitation of this vulnerability can allow an attacker to execute commands as root. The attacker can then install programs; view, change, or delete data; or create new accounts with… Read More
Security Advisory: Slack for Windows 3.3.7 Vulnerability
Situation A vulnerability was found in Slack, a common messaging platform. Problem A vulnerability in Slack for Windows, version 3.3.7, can allow an attacker to change the destination of downloaded files and compromise the data integrity of files. Implication An attacker can gain access to confidential and sensitive files by forwarding documents on Slack to their own SMB server. An attacker can also redirect the user’s links so that malware and ransomware are downloaded… Read More
Security Advisory: Microsoft Vulnerability CVE-2019-0708
Situation The critical vulnerability CVE-2019-0708 affects Windows Server 2008 and Windows 7. Problem This vulnerability allows unauthenticated users to make requests through RDP (Remote Desktop Protocol). Implication Unauthenticated actors can exploit this vulnerability to “view, change, or delete data; or create new accounts with full user rights.” Need Temporarily disabling RDP is the immediate mitigation for this vulnerability. Updating affected systems is the preferred mitigation. Workarounds include enabling NLA (Network Level Authentication)… Read More