WINDOWS CRYPTOAPI VULNERABILITY

Priority: High
Executive Summary: Microsoft’s latest Patch Tuesday includes a fix to address a vulnerability in Windows CryptoAPI, specifically in crypt32.dll, which implements “Certificate and Cryptographic messaging functions in the CryptoAPI”. This would allow an attacker to spoof a code-signing certificate, enabling them to sign malicious executables, masquerade as legitimate websites and perform man-in-the-middle attacks […]

GEOPOLITICAL TENSIONS AND THREATS

Priority: Medium
Executive Summary: Recent developments in the Middle East. Using ITC’s advanced Threat Intelligence tools, the ITC Secure Security Operations Centre (SOC) constantly monitors all our customers. Our alerting is configured to trigger on any potential hacking or defacement of websites related to our customers, or on market-related issues. On January 3rd, the […]

WIDESPREAD TOR SCANNING

Priority: High
Executive Summary: On 30th October 2019 between 20:18 and 23:22 BST, ITC’s SIEM service picked up a heavy, unexpected surge in connection attempts to our customers from Tor node IPs. To put the volume in context, ITC typically observe only a few of these events a day; in this instance, however, there were several thousand detections […]

INTERNET EXPLORER CRITICAL VULNERABILITY

Priority: High
Executive Summary: Microsoft have released an emergency security update for Internet Explorer following the discovery of a remote code execution vulnerability in the product [1]. The vulnerability, which is known to affect at least versions 9-11 of Internet Explorer, is caused by an issue in how the web browser’s scripting engine handles objects […]

IMPERVA DATA EXPOSURE – WAF CUSTOMERS AFFECTED

Priority: High
Executive Summary: Imperva, an Internet Firewall Services provider, has announced that on Tuesday 20th August they were alerted by a third party to a data exposure that includes email addresses, hashed and salted passwords and, for a subset of the Incapsula customers, hashed API keys and customer-provided SSL certificates for Cloud WAF customers […]

KUBERNETES DENIAL OF SERVICE VULNERABILITIES (CVE-2019-9512, CVE-2019-9514)

Priority: High
Executive Summary: Two severe vulnerabilities allowing for easy Denial of Service attacks against almost all versions of Kubernetes clusters have been released this week as part of a set of HTTP/2 implementation vulnerabilities. Kubernetes is an open-source container-orchestration system – analogous to lightweight virtual machines, with less of a requirement for isolation from […]

BLUEKEEP II, III, IV AND V REMOTE DESKTOP SERVICES AND DHCP ‘WORMABLE’ VULNERABILITIES

Priority: High
Executive Summary: Microsoft have discovered 4 new remote code execution vulnerabilities in their Remote Desktop Services, similar to the recently patched ‘BlueKeep’ RDP vulnerability, affecting a number of Windows versions (see Affected Products for more information) [1-4]. The original BlueKeep vulnerability was reported by ITC in a previous Threat Horizon: https://itcsecure.com/remote-desktop-services-wormable-vulnerability/
The security flaws, […]

SWAPGS CVE-2019-1125

Priority: High
Executive Summary: Microsoft and Red Hat have released a security notification stating that there is a new potential exploit that utilizes a new variant of the Spectre side-channel vulnerability, identified as CVE-2019-1125. This vulnerability affects Intel CPUs built since 2012 running x86 and x64 architectures and can allow an unprivileged […]

ORACLE WEBLOGIC, NEW CRITICAL FLAW DISCOVERED CVE-2019-2729

Priority: Critical
Executive Summary: A new critical vulnerability has been discovered that affects several versions of the Oracle WebLogic server. The bug has been classed as a critical-level security risk and has a CVSS Base Score of 9.8. The vulnerability has already been exploited in the wild by several unknown hacker groups. This security update highlights a […]

MICROARCHITECTURE DATA SAMPLING

Priority: High
Executive Summary: Intel have publicly disclosed a set of vulnerabilities involving side-channel attacks which allow microarchitecture data sampling (MDS), affecting Intel microprocessors. The four vulnerabilities are similar to Spectre/Meltdown in nature. The issue exists in Intel’s implementation of simultaneous multithreading, named Hyper-Threading. Microprocessor performance is improved by splitting a single physical processor core […]