Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 13, 2016

October 12, Softpedia – (International) Microsoft patches four zero-days used in live attacks. Microsoft released a security bulletin addressing 4 zero-day vulnerabilities in several of its products, including an information disclosure bug in Internet Explorer, remote code execution (RCE) flaws in Edge’s scripting engine and Windows graphics device interface (GDI), and a memory corruption vulnerability in Office, among other vulnerabilities. Microsoft reported all four zero-days have been exploited in the wild. Source

October 12, SecurityWeek – (International) SAP patches multiple implementation flaws. SAP released security patches resolving 48 vulnerabilities affecting its products, including a denial-of-service (DoS) flaw in SAP ASE that could be exploited to terminate a process in a vulnerable component, a Structured Query Language (SQL) injection issue in the SAP ST-PI component that allows an attacker to read and alter sensitive database information, and a cross-site scripting (XSS) flaw in SAP Messaging System Service that enables a malicious actor to inject script into a page to access all session tokens, cookies, and other critical information, among other vulnerabilities. Source

October 11, SecurityWeek – (International) Adobe patches critical flaws in Flash Player, PDF apps. Adobe released patches resolving 71 critical vulnerabilities affecting its Acrobat, Reader, Flash Player, and Creative Cloud desktop application products, including a security bypass vulnerability, an unquoted search path vulnerability that could lead to local privilege escalation in Creative Cloud for Microsoft Windows, and several memory flaws that could allow arbitrary code execution, among other vulnerabilities. Source

October 11, SecurityWeek – (International) DXXD ransomware encrypts files on unmapped network shares. Security researchers from BleepingComputer reported that a new ransomware family, dubbed DXXD, was spotted targeting and encrypting files on both mapped and unmapped network shares, and was abusing Remote Desktop Services and brute-forcing passwords on infected devices for distribution. DXXD changes a Microsoft Windows Registry setting in order to display a notice when a victim logs in to their infected device, ensuring that the user sees the ransom note. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.