Discuss the latest breaches and security news
Don't Forget About Legacy Systems
Good article from Forbes around protecting your legacy systems: Forbes Council Post: Don't Forget About Legacy Systems The retention of legacy IT systems comes with a unique set of risks. This stat in particular boggled my mind: In fact, most of the U.S. government’s IT budget is allocated toward protecting its legacy systems. Did you know that we support patching XP systems? How many of you are still having to run ancient technology in your environments?
WannaCry Detections at an All-Time High
Even though it’s been more than two years since the WannaCry disaster, detection of the malware has reached an all-time high. It’s crazy that the vulnerability remains unpatched on so many systems given how public the event was. Dark Reading WannaCry Detections At An All-Time High More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns. Naked Security – 18 Sep 19 WannaCry – the worm that just won’t die WannaCry never went away – it just became less obvious.
125 New Flaws Found in Routers and NAS Devices from Popular Brands
The Hacker News 125 New Flaws Found in Routers and NAS Devices from Popular Brands Cybersecurity experts discover a total of 125 different security vulnerabilities across 13 small office and home office (SOHO) routers and Network Attached Storage (NAS) devices. Here’s the list of manufacturers who are possibly affected: SOHO routers and NAS devices tested by the researchers are from the following manufacturers: Buffalo, Synology, TerraMaster, Zyxel, Drobo, ASUS and its subsidiary Asustor, Seagate, QNAP, Lenovo, Netgear, Xiaomi, Zioncom (TOTOLINK)
LastPass bug leaks credentials from previous site
ZDNet LastPass bug leaks credentials from previous site | ZDNet LastPass released a fix last week. Vulnerability details are now public. Users advised to update. There’s a fix out, so make sure you update your LastPass if you’re a customer of theirs!
NY Payroll Company Vanishes With $35 Million
https://krebsonsecurity.com/2019/09/ny-payroll-company-vanishes-with-35-million/ The company shut down and reversed previous payroll deposits. Some people have gotten the transactions fixed, but others are still waiting for their paycheck. Hopefully none of you were customers of theirs! It does bring up the issue of who has access to your bank accounts and how much you trust them.
September Patch Tuesday Index
We’ve got our first Patch Tuesday Index up and running! Currently, only Adobe has released their patches, and there were only 2. But we will be updating the index throughout the day so check back a little later once things start to pick up! 🔒 Feel free to comment any news or updates you see out there. What are you expecting from this month’s Patch Tuesday? #PatchYourShit automox.com September 2019 Patch Tuesday Index For the latest Patch Updates from Microsoft and third-party vendors, read our September 2019 Patch Tuesday index consisting of live updates throughout the day.
A huge database of Facebook users’ phone numbers found online
TechCrunch A huge database of Facebook users’ phone numbers found online – TechCrunch Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based... Looks like they have phone numbers matched up with Facebook IDs. Some of the records have name, location and gender as well. FB is claiming the data is old and was scraped from the site before they stopped displaying phone numbers.
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
Rapid7 Blog – 6 Sep 19 Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708) Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework. Now you can go test and make sure you didn’t miss updating any devices!
Google patches high-severity Chrome browser engine security flaw
http://www.computing.co.uk – 29 Aug 19 Google patches high-severity Chrome browser engine security flaw | Computing The flaw could enable attackers to carry out remote code-execution or denial-of-service attacks. Update your Chrome right away!
New Chrome Zero-Day - Patch Now!
Hey all - sadly, we’ve tracked down a shiny new Chrome zero day that appears to be impacting basically every version of Chrome past 76.0.3809.132. As usual, the details, severity, and even the fix are a bit murky, but Google has released a new patch. For the security nerds, it’s listed under CVE-2019-5869, but don’t go looking - nothing has been published. The exploit allows for arbitrary code execution when a user visits an infected website, targeting Chrome’s Blink rendering engine. Once your employees visit an infected site (which they’ll do immediately), code can run and do various nefarious things. If you’re really out of date, this could in theory be combined with recent Chrome browser escape vulnerabilities, potentially allowing access to the system itself. Automox has some cool new tools to get you patched - namely the Software page. The new Software page allows you to search by Chrome and sort by date, showing a list of exactly which machines are fully up to date and which ar
The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks
ProPublica The Extortion Economy: How Insurance Companies Are Fueling a Rise in... Even when public agencies and companies hit by ransomware could recover their files on their own, insurers prefer to pay the ransom. Why? The attacks are good for business. From the article: “Paying the ransom was a lot cheaper for the insurer,” he said. “Cyber insurance is what’s keeping ransomware alive today. It’s a perverted relationship. They will pay anything, as long as it is cheaper than the loss of revenue they have to cover otherwise.”
What sites/tools do you use for Patch Tuesday release news?
What sites and tools do you find are the most responsive, fast-acting, and organized to gather the latest news on Patch Tuesdays? I generally use Krebs on Security and Tenable, amongst a few others, but wanted to see what other tools you all are keen on. Thanks in advance, everyone!
BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk -- Update Now
Forbes BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions... Atherton Research's Principal Analyst and Futurist Jeb Su weighs in on the new critical security vulnerability found in BitDefender's latest popular free antivirus software for Microsoft Windows. The vulnerability allows a hacker to take control of Windows systems using DLL hijacking. There is a patch for the issue so make sure to update your software if you use the free version of BitDefender.
Cybersecurity Firm Imperva Discloses Breach
https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/ They got away with emails, hashed passwords, API keys and SSL certs for some of their firewall customers. If you use Incapsula, time to update everything unless you want someone else managing your firewall! 🙂
MSP responsible for Texas govt ransomware
BleepingComputer Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says. The mayor of one of the towns is claiming that the ransomware was delivered through the RMM software that the MSP was using. If you outsource your IT, make sure you pick a good MSP who won’t leave you exposed!
Deepfakes used to fake CEO orders
BBC News Fake voices 'help cyber-crooks steal cash' A security firm says deepfaked audio is being used to steal millions of pounds. These are like the phishing scams where it’s a fake email from your CEO, but instead this is faking a phone call from your CEO telling you to indeed send that $1M wire transfer.
New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records: Report
Forbes New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition... And now it's happened—actual fingerprints and facial recognition records for millions of people, exposed in a huge data breach. Kinda hard to get issued a new set of fingerprints! According to the article they’re storing the actual fingerprint too, instead of just a hash.
Hy-Vee issues warning to customers after discovering point-of-sale breach
ZDNet Hy-Vee issues warning to customers after discovering point-of-sale breach |... Company doesn't know what locations were impacted, but it's warning customers early so they can keep an eye out for suspicious transactions. They don’t yet know the extent of the hack and exactly which of their customers are affected. But if you’ve made a purchase at any of their gas stations, coffee shops or restaurants then you could be impacted. They also didn’t indicate how long this has been going on for. Here’s their official announcement: https://www.hy-vee.com/corporate/news-events/announcements/notice-of-payment-card-data-incident/
New Critical Bluetooth Security Issue Exposes Millions Of Devices To Attack
Forbes New Critical Bluetooth Security Issue Exposes Millions Of Devices To Attack An 'update now' warning has been issued after "a serious threat to the security and privacy of all Bluetooth users" was discovered. Looks like this affects every Bluetooth device they tested. No patches for it yet, but they’re recommending increasing the minimum length of the encryption key to all BT product developers.
CloudFlare going IPO
CNBC – 15 Aug 19 Web security company Cloudflare files to go public Cloudflare has been at the center of controversies. Now it's looking to capitalize on having such a major user base. Hopefully they’ll be able to keep doing well and providing us with great postmortems like this one: The Cloudflare Blog – 12 Jul 19 Details of the Cloudflare outage on July 2, 2019 Almost nine years ago, Cloudflare was a tiny company and I was a customer not an employee. Cloudflare had launched a month earlier and one day alerting told me that my little site, jgc.org, didn’t seem to have working DNS any more. Anyone here using them?
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
A super interesting read on the failure of Kaspersky to protect the data of their users from leaking out, revealing users’ web browsing for years. If you are a user, the vulnerability is filed under CVE-2019-8286. Read the report here: https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Patch Tuesday roundup from KrebsOnSecurity
https://krebsonsecurity.com/2019/08/patch-tuesday-august-2019-edition/ More RDP vulnerabilities - we do have a worklet for turning that off, in case you haven’t already: Worklet: How to Disable Remote Desktop Protocol Connection Worklets Here’s an example of a worklet we recently created in response to managing updates for the BlueKeep vulnerability: Introducing the Automox Worklet To enable your ability to configure and update systems using the Automox platform, we’ve created an endpoint hardening worklet that disables the remote desktop protocol connection. An Automox worklet is an open extensible automation architecture that allows IT operations to create any custom task that they can imagine. Our tool consumes and contain…