October 12, Softpedia – (International) Microsoft patches four zero-days used in live attacks. Microsoft released a security bulletin addressing 4 zero-day vulnerabilities in several of its products, including an information disclosure bug in Internet Explorer, remote code execution (RCE) flaws in Edge’s scripting engine and Windows graphics device interface (GDI), and a memory corruption vulnerability in Office, among other vulnerabilities. Microsoft reported all four zero-days have been exploited in the wild. Source
October 12, SecurityWeek – (International) SAP patches multiple implementation flaws. SAP released security patches resolving 48 vulnerabilities affecting its products, including a denial-of-service (DoS) flaw in SAP ASE that could be exploited to terminate a process in a vulnerable component, a Structured Query Language (SQL) injection issue in the SAP ST-PI component that allows an attacker to read and alter sensitive database information, and a cross-site scripting (XSS) flaw in SAP Messaging System Service that enables a malicious actor to inject script into a page to access all session tokens, cookies, and other critical information, among other vulnerabilities. Source
October 11, SecurityWeek – (International) Adobe patches critical flaws in Flash Player, PDF apps. Adobe released patches resolving 71 critical vulnerabilities affecting its Acrobat, Reader, Flash Player, and Creative Cloud desktop application products, including a security bypass vulnerability, an unquoted search path vulnerability that could lead to local privilege escalation in Creative Cloud for Microsoft Windows, and several memory flaws that could allow arbitrary code execution, among other vulnerabilities. Source
October 11, SecurityWeek – (International) DXXD ransomware encrypts files on unmapped network shares. Security researchers from BleepingComputer reported that a new ransomware family, dubbed DXXD, was spotted targeting and encrypting files on both mapped and unmapped network shares, and was abusing Remote Desktop Services and brute-forcing passwords on infected devices for distribution. DXXD changes a Microsoft Windows Registry setting in order to display a notice when a victim logs in to their infected device, ensuring that the user sees the ransom note. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report