WCry Ransomware Using NSA Exploit Leaked by Shadow Brokers running wild
Today security experts are warning of the continued spread of WCry and of numerous variants being released over the weekend.
Typical of Any Ransomware users should be vigilant with any emails that could be carrying a payload or be links to a payload. At this point Microsoft has not ruled out any attack vectors:
We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios we believe are highly possible for this ransomware family:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed in other infected machines
Microsoft has released a patch for Operating systems going as far back as XP:
Windows update MS17-010
Security Update for Microsoft Malware Protection Engine
Microsoft has released an update to the Microsoft Malware Protection Engine addressing a security vulnerability. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
Users should run their Microsoft updates ASAP and apply the patch if using one of the Microsoft Provided Malware products such as the Windows Defender line.
Firefox Updated to 53
Firefox 53 marks the first version to not support Windows XP. Users of XP will still get security updates for Firefox 52 for the next six months.
The full list of changes are available at Mozilla
Security: Microsoft Word Vulnerability
Multiple security companies have reported an exploit in the wild infecting users with the Dridex Trojan. When recipients open the document, the exploit – if successful – is used to carry out a series of actions that lead to the installation of Dridex botnet ID 7500 on the user’s system.
All users should always be extremely careful when opening any attachment in email and should apply the patch expected to be provided by Microsoft tonight.
Windows Vista: End of Support
Mainstream support for Vista ended in April 2012, Extended support is ending April 11, 2017 which means no further security updates or paid support. With no updates the use of Windows Vista is not advices and we recommend all personal and business computers be updated to Windows 7 or Windows 10.
Source: Microsoft
Phishing attacks targeting Airline Ticketholders
US-CERT is warning consumers of email-based phishing campaigns targeting airline consumers. Consumers who have booked flights should be vigilante and ensure any email the receive is indeed legitimate. We recommend not following links from received emails and to go directly to the Airline web pages and verify any information there.
Source: US-CERT
Apple Product Critical Security Updates
Apple has released security updates for several of its products, products that received security updates include macOS Server, tvOS, watchOS, iOS, macOS, Safari, and their productivity applications; Pages, Numbers, and Keynote.
Source: Apple
Symantec and Norton Security Products Critical Vulnerabilities
Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.
CVE-2016-2207
- Symantec Antivirus multiple remote memory corruption unpacking RAR
CVE-2016-2208
- Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.
CVE-2016-2209
- Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow
CVE-2016-2210
- Symantec: Remote Stack Buffer Overflow in dec2lha library
CVE-2016-2211
- Symantec: Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives
CVE-2016-3644
- Symantec: Heap overflow modifying MIME messages
CVE-2016-3645
- Symantec: Integer Overflow in TNEF decoder
CVE-2016 -3646
- Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink
The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.
Users and network administrators should patch Symantec or Norton antivirus products immediately.
Source: US-CERT
Adobe Acrobat Chrome extension vulnerability
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.
Adobe has released a security update for the Adobe Acrobat extension for Chrome. This update addresses a cross-site scripting vulnerability rated important that could potentially lead to javascript execution in the browser.
Oracle Patches 270 Vulnerabilities
Oracle has released the first Critical Patch Update of 2017. Oracle is patching 270 different vulnerabilities. Oracle strongly recommends that organizations patch quickly.
Check for your products Here
capitalregionit 