Daily NCSC-FI news followup 2020-07-14

Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical!

www.bleepingcomputer.com/news/microsoft/microsoft-july-2020-patch-tuesday-123-vulnerabilities-18-critical/ This Patch Tuesday is the second-largest update ever, with the largest one being issued in June 2020 with 129 fixes.

17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers

thehackernews.com/2020/07/windows-dns-server-hacking.html Microsoft patched today a new highly critical “wormable” vulnerability – – carrying a severity score of 10 out of 10 on the CVSS scale – affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed ‘SigRed’ by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges. See also:

msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

Adobe fixes critical bugs in Creative Cloud, Media Encoder

www.bleepingcomputer.com/news/security/adobe-fixes-critical-bugs-in-creative-cloud-media-encoder/ Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder.

Britannia julisti kiellon Huaweille 5g-verkoissa – Nokia ja Ericsson heti valmiita korvaajiksi

www.kauppalehti.fi/uutiset/kl/a8df18ea-00e2-46d2-ad6f-5aeb4a9c5ec5 Brittihallitus on pyörtänyt aiemman päätöksensä ja kieltää uusien 5g-laitteiden ostot kiinalaisyhtiö Huaweilta vuoden lopussa. Päätös viivästyttää verkon rakentamista ja lisää kuluja jopa pari miljardia puntaa.

Tietosuojaongelma kaupparekisterin tietopalvelussa, 144 henkilön tiedot näkyneet virheellisesti

yle.fi/uutiset/3-11446744 Kaupparekisterissä on lähes 1, 6 miljoonan ihmisen henkilötiedot. PRH:n mukaan vika johtui ohjelmistovirheestä. Vikatilanne alkoi jo kesäkuun 16. päivä, mutta se huomattiin vasta 6. heinäkuuta. Palvelu suljettiin heti.

Katalaanijohtaja epäilee Espanjan valtiota vakoilusta – kybertutkijoiden mukaan Roger Torrentin puhelimessa oli vakoiluohjelma

yle.fi/uutiset/3-11446945 Kyseessä on israelilaisen NSO-yhtiön kehittämä vakoiluohjelma Pegasus, joka pystyttiin ilmeisesti asentamaan puhelimeen WhatsApp-viestisovelluksessa olleen haavoittuvuuden kautta. Torrentia varoitti vakoiluohjelmasta kyberturvallisuusyhtiö, joka tutki asiaa WhatsAppin puolesta.

Just 21% of security pros haven’t considered quitting their current job

www.theregister.com/2020/07/14/infosec_job_change/ Almost one in five infosec pros have quit a job due to overwork or burnout caused by the constant pressure of keeping things safe and doing so without the resources to counter ever-evolving threats. Some 18 per cent [n=445] said they had personally walked out of a role permanently because of burnout; 36 per cent professed to knowing someone that had left due to it; and another 25 per cent claimed they had considered it.

You might be interested in …

Daily NCSC-FI news followup 2021-09-15

Patch now! PrintNightmare over, MSHTML fixed, a new horror appears OMIGOD blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/ The September 2021 Patch Tuesday could be remembered as the final patching attempt in the PrintNightmare nightmare. The ease with which the vulnerabilities shrugged off the August patches doesn’t look to get a rerun. So far we haven’t seen any indications that this […]

Read More

Daily NCSC-FI news followup 2020-02-25

Mobile malware evolution 2019 securelist.com/mobile-malware-evolution-2019/96280/ Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users thehackernews.com/2020/02/firefox-dns-over-https.html Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks thehackernews.com/2020/02/google-chrome-zero-day.html New OpenSMTPD RCE Flaw Affects Linux and OpenBSD […]

Read More

Daily NCSC-FI news followup 2020-02-14

U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies thehackernews.com/2020/02/united-states-china-huawei.html The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. North […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.