Eternal Synergy Exploit Analysis

This is one for the experts.
swiat, July 13th, 2017
Introduction
Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This…

Cloud AV Can Serve as an Avenue for Exfiltration

Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
Over the past few years, security researchers have been drawing increasing attention to the fact that under the right circumstances security products could potentially be used to attack the very machines…

Google to Replace SMS Codes With Mobile Prompts in 2-Step-Verification Procedure

14th July 2017, by Catalin Cimpanu
Starting next week Google will overhaul its two-step verification (2SV) procedure and replace one-time codes sent via SMS with prompts shown on the user’s smartphone.
This change in the Google 2SV scheme comes after an increase in SS7 telephony protocol attacks that have allowed hackers to…

Cisco Patches Publicly Disclosed SNMP Vulnerabilities in IOS, IOS XE

By Michael Mimoso, July 14, 2017
Cisco has patched nine serious remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software. The vulnerabilities had been publicly disclosed. Cisco notified users of the availability of patches after releasing its initial advisory on the matter on June 29, warning of…

Siemens Patches Authentication Bypass Flaw in SiPass Server

By Michael Mimoso, July 14, 2017
A handful of vulnerabilities in Siemens’ SiPass integrated server have been patched, including one that allows an attacker to bypass authentication on the box. SiPass is the company’s integrated access control server managing physical access in a number of industries and use cases. The product supports card readers…

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

By Tom Spring, July 14, 2017
Two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam campaigns. Researcher Brad Duncan said, “together these two pieces of malware could deliver a nasty punch.”
Duncan, a handler at the SANS Institute Internet Storm Center, said that…

Microsoft Security Update Minor Revisions Issued: July 13, 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Update Minor Revisions Issued: July 13, 2017
********************************************************************

Summary
=======

The following CVEs have undergone a minor revision increment.

* CVE-2017-8563
* CVE-2017-8589

Revision Information:
=====================

CVE-2017-8563

 - Title: CVE-2017-8563 | Windows Elevation of Privilege Vulnerability
 -…

Bupa breach affects more than half a million customers

A London health insurance agency has been hit with a massive data breach. The personal information of about 547,000 people was compromised.
Unlike recent ransomware attacks, this breach came from within the company. “The data breach really highlights the fact that employees can still be an organization’s weakest link with regards to security,”…

Bupa warns health insurance information exposed by rogue employee

Graham Cluley, 13th July 2017
Healthcare insurance giant Bupa has warned customers that it has suffered a breach, after an employee inappropriately copied and removed customer information from the business.
In all, around 108,000 international health insurance policies are said to be affected.
An email sent to affected policy holders describes…

Attackers Using Automated Scans to Takeover WordPress Installs

By Chris Brook, July 13, 2017
Attackers have been setting their sights on freshly installed WordPress deployments, taking advantage of users who fail to follow through when it comes to configuring their server’s settings.
Researchers at the WordPress security plugin WordFence said Tuesday they observed a significant spike in attacks targeting WordPress accounts…