January 14, SecurityWeek – (International) Cisco patches serious flaw in networking, security products. Cisco released software updates that addressed multiple critical vulnerabilities in several of its networking and security products including an unauthorized access issue that affects Cisco standalone and modular controllers running Wireless LAN Controller (LAN) software that allowed attackers to modify the device’s configuration and compromise the device. Source
January 13, Softpedia – (International) DHCP gets a fix for denial-of-service bug. The Internet Systems Consortium (ICS) patched a flaw in its Dynamic Host Configuration Profile (DHCP) software packages after a security researcher from Sophos discovered the vulnerability allowed attackers to crash the systems by sending a malicious network packet with an invalid IPv4 UDP length field. Source
January 13, IDG News Service – (International) Microsoft fixes critical flaws in Windows, Office, Edge, IE and other products. Microsoft released security updates that patched critical flaws in its Windows, Office, Edge, Internet Explorer, Silverlight, and Visual Basic products, including remote code execution vulnerabilities, elevation of privilege vulnerabilities, and a spoofing flaw. Source
January 13, Softpedia – (International) Shoddy ransomware destroys user’s files. Security researchers from Trend Micro identified a ransomware dubbed RANSOME_CRYPTEAR.B that used a crypto flaw hidden in the Hidden Tear ransomware to infect users and encrypt their files by redirecting users to fake Adobe Flash websites that distributes a malicious Flash Player update and allows attackers to infect the victim’s system with a crypto-ransomware that would encrypt all data files. Authors of the malware were seen throwing away the encryption key, rendering all encrypted files unrecoverable. Source