It was a relatively low-key year-ender for Microsoft’s Patch Tuesday, as the company’s monthly release of updates was relatively light in terms of noteworthy vulnerabilities. With that said, there were still a few notable vulnerabilities that were addressed.Read More
Intel recently released a security advisory detailing several security flaws in its Management Engine (ME). The advisory provides critical ME, Trusted Execution Technology (TXT), and Server Platform Services (SPS) firmware updates for versions 8.X-11.X covering multiple CVE IDs, with CVSS scores between 6.7 and 8.2.
But there is also another notable vulnerability that can pose a bigger risk especially to corporate computers and networks: CVE-2017-5689, a privilege escalation flaw. While there are certain factors and/or triggers for this vulnerability, it can provide attackers administration access and enable them to remotely reset or power off the vulnerable system if exploited successfully. This security issue was divulged in the research, “Silent Bob is Silent.” Compared to the recently identified ME vulnerabilities, CVE-2017-5689 was assigned a CVSSv3 score of 9.8.Read More
The waves of backdoor-laden spam emails we observed during June and July that targeted Russian-speaking businesses were part of bigger campaigns. The culprit appears to be the Cobalt group, based on the techniques used. In their recent campaigns, Cobalt used two different infection chains, with social engineering hooks that were designed to invoke a sense of urgency in its recipients—the bank’s employees.
Of note were Cobalt’s other targets. The hacking group’s first spam run also targeted a Slovenian bank, while the second run targeted financial organizations in Azerbaijan, Belarus, and Spain.Read More
Microsoft rolled out fixes for over 50 security issues in this month’s Patch Tuesday. The updates cover vulnerabilities and bugs in the Windows operating system, Internet Explorer (IE), Edge, ASP .NET Core, Chakra Core browsing engine, and Microsoft Office. Microsoft also released a security advisory providing defense-in-depth mitigations against attacks abusing the Dynamic Data Exchange (DDE) protocol in light of recent attacks misusing this feature.
Abusing DDE isn’t new, but the method has made a resurgence with reports of cyberespionage and cybercriminal groups such as Pawn Storm, Keyboy, and FIN7 leveraging it to deliver their payloads.Read More