Patch Tuesday? More Like Patch Doomsday

August Patch Tuesday Release Microsoft have released 60 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Windows components, .NET Framework, SQL Server, as well as Microsoft Office and Office Services. Out of these 60 CVEs, 19 are listed as Critical, 39 are rated Important, one is rated as Moderate, and one is rated as…

Zero-Day: HP Printer Hack

Exposing your network with HP OfficeJet Printers A malicious fax sent to an vulnerable all-in-one inkjet printer can give hackers control of the printer and act as a springboard into your network environment. HP’s implementation of a widely used fax protocol is used in all its OfficeJet all-in-one inkjet printers.  HP Inc. has released patches for…

FBI PSA: IoT Devices Targeted by Attackers

The FBI has Released a New PSA According to the alert, I-080218-PSA, actors with malicious intent have been actively using vulnerable IoT devices. Said devices act as proxies to route malicious traffic for cyber attacks and computer network exploitation. This reinforces what we have been saying for a very long time. Ignoring or mismanaging IoT…

Bluetooth Authentication Exploitable

Avoiding Bluetooth Decay A CERT advisory has been released regarding the stability of Bluetooth authentication. In short, the advisory outlines that “the authentication provided by the Bluetooth pairing protocols is insufficient.” This weakness in the Bluetooth key exchange is exploitable and could allow a remote attacker to intercept encryption data. Potentially, malicious actors could view…

Ransomware Disrupts Massive Shipping Company

Cyberattack Causes Shipping Industry Disaster COSCO, one of the world’s largest shipping companies, has experienced a ransomware attack on their US network. Their Long Beach terminal reported that their website and telephone network went down on July 25. The company initially downplayed the event, however it quickly became apparent this was much more than a…

Severe Oracle Vulnerabilities

WebLogic Server Needs Immediate Patching If you are using an Oracle WebLogic Server in your environment, you must patch it now. This easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. To compound this…

Microsoft Patch Tuesday: Uninstall

It’s Buggy Out There Microsoft has republished all of the recent July Patch Tuesday updates with one exception: KB 4018385. Microsoft have recalled this update because it crashes Office. What are you to do if you already deployed this patch? We highly recommend our clients uninstall this update and reboot their systems as quickly as…

Will You Avoid This Major Security Threat?

Two Major Vulnerabilities Could Expose You Security vulnerability CVE-2018-8225 and CVE-2018-8267 are both publicly disclosed exploits that have garnered high CVSS scores. These weaknesses were reported to Microsoft through Trend Micro’s Zero Day Initiative (ZDI). CVE-2018-8225 is a vulnerability that impacts the Windows DNS component DNSAPI.dll. An attacker can leverage this flaw to execute arbitrary…

Third-Party Patch Update: June 2018

Third Party Software Updates: June 2018 Roku TV & Sonos IoT devices, which are widely used in businesses that handle sensitive consumer data, such as credit card number and health records, are vulnerable to DNS hacking. These two IoT devices are frequently installed within fast casual dining, medical and dentist businesses. These devices can be…