Let's talk shop!
We’ve got our first Patch Tuesday Index up and running! Currently, only Adobe has released their patches, and there were only 2. But we will be updating the index throughout the day so check back a little later once things start to pick up! 🔒 Feel free to comment any news or updates you see out there. What are you expecting from this month’s Patch Tuesday? #PatchYourShit automox.com September 2019 Patch Tuesday Index For the latest Patch Updates from Microsoft and third-party vendors, read our September 2019 Patch Tuesday index consisting of live updates throughout the day.
TechCrunch A huge database of Facebook users’ phone numbers found online – TechCrunch Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based... Looks like they have phone numbers matched up with Facebook IDs. Some of the records have name, location and gender as well. FB is claiming the data is old and was scraped from the site before they stopped displaying phone numbers.
Rapid7 Blog – 6 Sep 19 Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708) Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework. Now you can go test and make sure you didn’t miss updating any devices!
http://www.computing.co.uk – 29 Aug 19 Google patches high-severity Chrome browser engine security flaw | Computing The flaw could enable attackers to carry out remote code-execution or denial-of-service attacks. Update your Chrome right away!
Hey all - sadly, we’ve tracked down a shiny new Chrome zero day that appears to be impacting basically every version of Chrome past 76.0.3809.132. As usual, the details, severity, and even the fix are a bit murky, but Google has released a new patch. For the security nerds, it’s listed under CVE-2019-5869, but don’t go looking - nothing has been published. The exploit allows for arbitrary code execution when a user visits an infected website, targeting Chrome’s Blink rendering engine. Once your employees visit an infected site (which they’ll do immediately), code can run and do various nefarious things. If you’re really out of date, this could in theory be combined with recent Chrome browser escape vulnerabilities, potentially allowing access to the system itself. Automox has some cool new tools to get you patched - namely the Software page. The new Software page allows you to search by Chrome and sort by date, showing a list of exactly which machines are fully up to date and which ar
ProPublica The Extortion Economy: How Insurance Companies Are Fueling a Rise in... Even when public agencies and companies hit by ransomware could recover their files on their own, insurers prefer to pay the ransom. Why? The attacks are good for business. From the article: “Paying the ransom was a lot cheaper for the insurer,” he said. “Cyber insurance is what’s keeping ransomware alive today. It’s a perverted relationship. They will pay anything, as long as it is cheaper than the loss of revenue they have to cover otherwise.”
What sites and tools do you find are the most responsive, fast-acting, and organized to gather the latest news on Patch Tuesdays? I generally use Krebs on Security and Tenable, amongst a few others, but wanted to see what other tools you all are keen on. Thanks in advance, everyone!
Forbes BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions... Atherton Research's Principal Analyst and Futurist Jeb Su weighs in on the new critical security vulnerability found in BitDefender's latest popular free antivirus software for Microsoft Windows. The vulnerability allows a hacker to take control of Windows systems using DLL hijacking. There is a patch for the issue so make sure to update your software if you use the free version of BitDefender.
https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/ They got away with emails, hashed passwords, API keys and SSL certs for some of their firewall customers. If you use Incapsula, time to update everything unless you want someone else managing your firewall! 🙂
BleepingComputer Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says. The mayor of one of the towns is claiming that the ransomware was delivered through the RMM software that the MSP was using. If you outsource your IT, make sure you pick a good MSP who won’t leave you exposed!
BBC News Fake voices 'help cyber-crooks steal cash' A security firm says deepfaked audio is being used to steal millions of pounds. These are like the phishing scams where it’s a fake email from your CEO, but instead this is faking a phone call from your CEO telling you to indeed send that $1M wire transfer.
Forbes New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition... And now it's happened—actual fingerprints and facial recognition records for millions of people, exposed in a huge data breach. Kinda hard to get issued a new set of fingerprints! According to the article they’re storing the actual fingerprint too, instead of just a hash.
ZDNet Hy-Vee issues warning to customers after discovering point-of-sale breach |... Company doesn't know what locations were impacted, but it's warning customers early so they can keep an eye out for suspicious transactions. They don’t yet know the extent of the hack and exactly which of their customers are affected. But if you’ve made a purchase at any of their gas stations, coffee shops or restaurants then you could be impacted. They also didn’t indicate how long this has been going on for. Here’s their official announcement: https://www.hy-vee.com/corporate/news-events/announcements/notice-of-payment-card-data-incident/
Forbes New Critical Bluetooth Security Issue Exposes Millions Of Devices To Attack An 'update now' warning has been issued after "a serious threat to the security and privacy of all Bluetooth users" was discovered. Looks like this affects every Bluetooth device they tested. No patches for it yet, but they’re recommending increasing the minimum length of the encryption key to all BT product developers.
CNBC – 15 Aug 19 Web security company Cloudflare files to go public Cloudflare has been at the center of controversies. Now it's looking to capitalize on having such a major user base. Hopefully they’ll be able to keep doing well and providing us with great postmortems like this one: The Cloudflare Blog – 12 Jul 19 Details of the Cloudflare outage on July 2, 2019 Almost nine years ago, Cloudflare was a tiny company and I was a customer not an employee. Cloudflare had launched a month earlier and one day alerting told me that my little site, jgc.org, didn’t seem to have working DNS any more. Anyone here using them?
A super interesting read on the failure of Kaspersky to protect the data of their users from leaking out, revealing users’ web browsing for years. If you are a user, the vulnerability is filed under CVE-2019-8286. Read the report here: https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
https://krebsonsecurity.com/2019/08/patch-tuesday-august-2019-edition/ More RDP vulnerabilities - we do have a worklet for turning that off, in case you haven’t already: Worklet: How to Disable Remote Desktop Protocol Connection Worklets Here’s an example of a worklet we recently created in response to managing updates for the BlueKeep vulnerability: Introducing the Automox Worklet To enable your ability to configure and update systems using the Automox platform, we’ve created an endpoint hardening worklet that disables the remote desktop protocol connection. An Automox worklet is an open extensible automation architecture that allows IT operations to create any custom task that they can imagine. Our tool consumes and contain…
The Verge – 11 Aug 19 Security researchers find that DSLR cameras are vulnerable to ransomware attack Canon has issued a security advisory and firmware patch for the vulnerability Looks like it’s a remote exploit, so watch out what Wifi you connect your Canon to until you’ve updated your camera. It would suck to have your images encrypted before you even get to download them to a safe location.
TechCrunch With warshipping, hackers ship their exploits directly to their target’s mail... Why break into a company’s network when you can just walk right in — literally? Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a... Do any of you take any security measures against packages delivered to your office?
https://www.scmagazine.com/home/security-news/data-breach/independent-researcher-xxdesmus-discovered-a-honda-motor-company-database-leaking-the-computer-data-of-134-million-rows-roughly-40gb-of-employee-information/ Looks like it’s mostly information about their computer endpoints, but that can still give hackers info they can use to try to break in using known vulnerabilities. Especially targeting the endpoints that don’t have their security software installed.