OUT-OF-BAND WINDOWS SECURITY PATCHES

Priority: High Executive Summary: Microsoft have issued urgent, out-of-band patches for two vulnerabilities found in the Windows Codecs Library.[1] The vulnerabilities, discovered by Abdul-Aziz Hariri of Trend Micro’s Zero Day Initiative, are CVE-2020-1425 and CVE-2020-1457. Both stem from the way in which the Windows Codecs Library handles certain objects in memory, and exploiting these […]

PAN-OS CRITICAL VULNERABILITY

Priority: Critical Executive Summary: Palo Alto Networks have released details of a critical vulnerability affecting PAN-OS, the operating system which runs on all Palo Alto next-generation firewalls [1]. The vulnerability, CVE-2020-2021, can allow attackers to bypass authentication, meaning an attacker can log into an affected device as an administrator. This means that a threat actor who […]

106 MALICIOUS CHROME EXTENSIONS TAKEN OFFLINE

Priority: Medium Executive Summary: Google have removed 106 malicious browser extensions from the Chrome Web Store after they were found to be malicious. The extensions are said to have posed as a variety of tools, such as file conversion tools and even security scanners. However, analysis of the extensions’ behaviour and code indicates that they had ulterior […]

SMBLEED AND MICROSOFT PATCH TUESDAY

Priority: Critical Executive Summary: Researchers at ZecOps have publicly disclosed a Proof of Concept (PoC) for a vulnerability that they discovered in SMBv3 whilst investigating SMBGhost [1]. They have named this vulnerability SMBleed (CVE-2020-1206). Although, by itself, exploiting the vulnerability only achieves information disclosure, the researchers have combined the attacks of SMBleed (as advised yesterday) […]

SMBGHOST (CVE-2020-0796) REMOTE CODE EXECUTION PROOF OF CONCEPT

Priority: Critical Executive Summary: A functional remote code execution (RCE) proof of concept has been publicly released for CVE-2020-0796 (a.k.a. SMBGhost, NexternalBlue, CoronaBlue). Previous research was only able to achieve local privilege escalation (LPE).[1] SMBGhost is caused by a flaw in Microsoft's SMBv3 implementation that mishandles certain requests. An unauthenticated attacker can target an SMBv3 […]
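As an added example (not code from ITC or from the researchers cited above), the following PowerShell snippet checks a Windows host for exposure to SMBGhost (CVE-2020-0796) and, if needed, applies Microsoft's published workaround. It relies on facts from Microsoft's own guidance rather than on anything stated in the summary above: the affected releases are Windows 10 and Windows Server versions 1903 (build 18362) and 1909 (build 18363); the fix shipped in the March 2020 update KB4551762, which raised those builds to revision 720 or later; and advisory ADV200005 offers disabling SMBv3 compression (registry value DisableCompression = 1 under the LanmanServer parameters key) as an interim workaround. The registry paths and value names are Microsoft's; the variable names are this example's own.

```powershell
# Added example: SMBGhost (CVE-2020-0796) exposure check and ADV200005 workaround.
# Run from an elevated PowerShell prompt on the host being assessed.

$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber   # e.g. 18362 (1903) or 18363 (1909)
$ubr   = [int]$cv.UBR                  # update build revision, e.g. 720 after KB4551762

# Only 1903 and 1909 shipped the vulnerable SMBv3 compression code.
$affectedBuilds = @(18362, 18363)
if ($affectedBuilds -notcontains $build) {
    Write-Output "Build $build is not affected by CVE-2020-0796; no action needed."
    return
}

# KB4551762 (12 March 2020) is OS build 18362.720 / 18363.720; any later
# cumulative update supersedes it, so a revision >= 720 means the fix is present.
$patched = ($ubr -ge 720)

# ADV200005 workaround: DisableCompression = 1 stops the server from
# accepting compressed SMBv3 requests. No reboot is required to apply or remove it.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$current = (Get-ItemProperty -Path $regPath -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
$workaroundApplied = ($current -eq 1)

if ($patched) {
    Write-Output "Build $build.$ubr includes the fix for CVE-2020-0796 (KB4551762 or later)."
} elseif ($workaroundApplied) {
    Write-Output "Build $build.$ubr is unpatched, but SMBv3 compression is disabled; install the update as soon as possible."
} else {
    Write-Warning "Build $build.$ubr is vulnerable to SMBGhost and no workaround is in place. Applying ADV200005 workaround."
    Set-ItemProperty -Path $regPath -Name DisableCompression -Type DWORD -Value 1 -Force
    Write-Output "DisableCompression set to 1. Patch with KB4551762 (or a later cumulative update) and then remove the value if desired."
}
```

The revision check is used instead of Get-HotFix because a host that went straight to a later cumulative update will not list KB4551762 by name. The workaround only protects the server side of the host; as Microsoft's advisory notes, it does not stop a client from being exploited by a malicious SMBv3 server, so it is a stopgap until the update is installed.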

MAZE RANSOMWARE ATTACKS

Priority: High Executive Summary: Cognizant, an IT services provider based in the US, has confirmed it has fallen victim to the Maze ransomware. Their statement was released over the weekend (Saturday 18th April), confirming that the security incident had caused disruption to some of their customers, and was followed by an update on Sunday 19th […]

WINDOWS REMOTE CODE EXECUTION VULNERABILITY

Priority: High Executive Summary: Microsoft have revealed details of two vulnerabilities in the Adobe Type Manager Library which are being actively exploited in the wild [1]. The vulnerabilities, which Microsoft have said are being exploited in a “limited” capacity, allow for remote code execution. However, supported versions of Windows 10 with AppContainer setup will contain […]

INTEL GRAPHICS DRIVER VULNERABILITIES AND LOAD VALUE INJECTION

Priority: High Executive Summary: Intel have released an advisory detailing 17 vulnerabilities in their Windows graphics drivers [1]. These would allow an attacker to perform privilege escalation, perform a denial of service (DoS) attack and/or enable information disclosure. These vulnerabilities exist due to various issues in the graphics drivers, including buffer overflow flaws and improper […]

ITC THREAT HORIZON: CYBER RESILIENCE

The highly infectious coronavirus (COVID-19) continues to spread globally and is causing disruption to many businesses and their security operations. Whilst many things are still unknown about the disease, it is of particular concern because of how contagious the virus is. Over the past weeks we have been working around the clock […]

CISCO DISCOVERY PROTOCOL VULNERABILITIES

Priority: High Executive Summary: Armis (an IoT security company) discovered and disclosed five Cisco zero-day vulnerabilities which have been named (as a collective) ‘CDPwn’. They were discovered in the Cisco Discovery Protocol (CDP) [1-6] and consist of four remote code execution (RCE) vulnerabilities and a denial of service (DoS) vulnerability. These vulnerabilities impact a large […]