Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.
Here are the most interesting articles we’ve found this week that could be helpful to you:
The August Patch Tuesday might be one for the record books. Exploited zero-days, remote code execution flaws, and privilege escalations: this month we have it all. As usual, our current customers have begun getting critical updates. If you're not a current Digital Data Communications managed service customer, please manually run Windows updates (and Adobe too). Stay safe!
...security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.
While it’s not a remote code execution (RCE) flaw or a privilege escalation flaw, it can still have a detrimental effect on your business day.
Narvaja said the vulnerability poses a significant risk as it can lead to system instability and denial of service (DoS) attacks. An attacker could exploit this flaw to repeatedly crash affected systems, potentially causing data loss and disruption to operations.
Brief from CISA and FBI on BlackSuit (Royal) Ransomware
This is a great threat briefing, but it covers pretty much the same old tricks. This is a very active campaign.
BlackSuit actors gain initial access to victim networks in several ways, including:
- Phishing. According to third-party reporting, BlackSuit actors most commonly gain initial access to victim networks via phishing emails [T1566]
- Remote Desktop Protocol (RDP). The second most common vector (around 13.3% of incidents) BlackSuit actors use for initial access is RDP compromise [T1021.001]
- Public-facing applications. FBI has observed BlackSuit actors gain initial access through exploiting vulnerable public-facing applications [T1190]
- Brokers. Reports from trusted third-party sources indicate that BlackSuit actors may leverage initial access brokers to gain initial access and source traffic by harvesting virtual private network (VPN) credentials from stealer logs [T1650]
Adobe Reader Security Bulletin
This type of vulnerability is a common target for phishing campaigns. If you are one of our managed service customers, it's likely this vulnerability has already been patched.
Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak.