Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 14, 2016

July 13, SecurityWeek – (International) SAP patches critical Clickjacking vulnerabilities. SAP released 10 Security Patch Day Notes and 26 Support Package Notes addressing several vulnerabilities, including a critical Clickjacking flaw in multiple SAP frameworks and technologies, denial of service flaws, missing authorization checks, code injection, and a cross-site scripting (XSS) issue, among other vulnerabilities. Source

July 13, Softpedia – (International) New Stampado ransomware advertised on the Dark Web for only $39. Heimdal Security researchers spotted a new version of ransomware on the Dark Web, dubbed Stampado, which is offered via a Ransomware-as-a-Service (RaaS) model and locks files with a “.locked” file extension, similar to other ransomware families. Stampado is being offered for $39 for a lifetime license and mimics the Jigsaw ransomware, in that it deletes a random file from the infected computer every 6 hours in order to scare the victim into paying the ransom. Source

July 12, SecurityWeek – (International) Microsoft patches critical flaws in Internet Explorer, Edge. Microsoft released 11 bulletins addressing 15 bugs in Internet Explorer, 13 bugs in Edge, and several other flaws in Office, JScript, VBScript, and .NET Framework, including a remote code execution (RCE) bug, an elevation of privilege issue in Windows Print Spooler, and a scripting engine memory corruption vulnerability in JScript and VBScript, among others. Source

July 12, SecurityWeek – (International) Adobe patches critical vulnerabilities in Flash, Acrobat, Reader. Adobe released security updates for Flash Player, Acrobat, Reader, and XMP Toolkit for Java patching more than 82 bugs affecting Microsoft Windows, Mac OS X, ChromeOS, and Linux users, including an integer overflow issue, a use-after-free vulnerability, a heap buffer overflow bug, and multiple memory corruption vulnerabilities, among others. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.