Cybersecurity

Microsoft Releases May 2019 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, Team Foundation Server, Visual Studio, Azure DevOps Server, SQL Server, .NET Framework, .NET Core, ASP.NET Core, ChakraCore, Online Services, Azure, NuGet, and Skype for Android.

Analysis Report: Microsoft Office 365 Security Observations

The NCCIC has published an Analysis Report providing information on the risk associated with migrating email services to Microsoft Office 365 (O365) and other cloud services, a phenomenon it notes is increasing. It states that organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services. The report includes recommendations for mitigating these risks and vulnerabilities. Read the report at NCCIC/US-CERT.

PrinterLogic Print Management Software Vulnerabilities

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting PrinterLogic Print Management Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the CERT/CC Vulnerability Note VU#1629249 and consider the listed workarounds until patches are made available.

GandCrab Ransomware’s New Evasive Infection Chain

Cybereason has posted a research article on the GandCrab ransomware, which it notes has adopted different evasive techniques to enable successful infections. According to Cybereason, these techniques include combining a phishing email and weaponized Office documents to gain initial entry onto a targeted machine and leveraging “living-off-the-land” binaries to bypass Windows AppLocker and fetch the ransomware payload, among others. The article contains detailed discussions of these techniques, including screenshots, and provides recommendations for preventing infections.

FBI FLASH: Indicators of Compromise Associated with Ryuk Ransomware

The FBI has released a FLASH message containing information and indicators of compromise associated with the Ryuk ransomware. It notes that cyber criminals have targeted more than 100 businesses with Ryuk since about August 2018, encrypting files on network shares and infecting computer file systems. Ransom sums of up to $5 million have been demanded by the cyber criminals in exchange for the decryptor program. Ryuk’s targets have varied, but the FBI notes they have had a disproportionate impact on certain kinds of organizations, which include small municipalities.

NCCIC Alert: New Exploits for Unsecure SAP Systems

The U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) has issued an alert in response to recently disclosed exploits that target unsecure configurations of SAP components. According to the alert, a presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network.

GE Communicator (ICSA-19-122-02) – Product Used in the Energy Sector

The NCCIC has published an advisory on uncontrolled search path, use of hard-coded credentials, and improper access controls vulnerabilities in GE Communicator. Communicator components, all versions prior to 4.0.517, are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges, manipulate widgets and UI elements, gain control over the database, or execute administrative commands. GE recommends users upgrade to GE Communicator version 4.0.517 or newer.

Orpak SiteOmat (ICSA-19-122-01) – Product Used in the Energy Sector

The NCCIC has published an advisory on use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities in Orpak SiteOmat. Versions prior to 6.4.414.122 and 6.4.414.084 are affected. Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial-of-service conditions and unauthorized access to view and edit monitoring, configuration, and payment information.

Average Ransom Amount and Downtime from Ransomware Attacks Increased in Last Quarter, according to Report

A report from cybersecurity company Coveware provides some interesting statistics on ransomware incidents that were experienced in the first quarter of 2019. Coveware found the average ransom for these incidents increased by nearly 90% to $12,762, as compared to $6,733 in the fourth quarter of 2018. According to Coveware, this reflected increased infection by more expensive types of ransomware, including Ryuk, which are typically used in targeted attacks on larger organizations.
