Patrick Domingues

Adobe has pushed out security updates for two critical vulnerabilities . Adobe Acrobat and Reader for Windows and Mac are affected.

The flaw reported by Apelt is identified as the CVE-2018-16011 and is a bug that can lead to arbitrary code execution. An Attacker can exploit the flaw by tricking an end user into clicking a PDF file which would execute a script with the privileges of the current logged in user.

The last vulnerability was discovered by Hariri and identified it as the CVE-2018-19725, is a security bypass flaw that could result in privilege escalation.

Contact your IT Leaders and make sure your software is updates. Some of you may already have the software to auto update or you can try to update the software yourself by opening up Adobe Acrobat or Reader and clicking Help Check for Updates .

More Resources for downloads.… Read the rest

This new malware uses Twitter to deploy Remote Access Tojans (RATs) from a image. The malware can infect vulnerable computers and collect information, take screenshots and jump to other computers to infect them as well.

Trend Micro said in their Blog Post that the malware listens for commands within the the hackers twitter account . The researchers found two tweets that are used to hide a “/print” command in the image which told the malware to take a screenshot of an infected computer. The malware then separately obtains the address where its command and control server is located from a Pastebin post, which directs the malware where to send the screenshots .

• More Details can be found on Trend Micros Blog

… Read the rest

A newly discovered malware infection targeting macOS devices. 
Malwarebytes security researchers say it has the ability of injecting ads into encrypted web traffic.

This malware is call OSX.SearchAwesome, the malware is delivered by a malicious installer that arrives as an app downloaded using a torrent file. The malware installer looks like a disk image file but doesn’t have the usual icon art that is used to make it look legitimate.

When the malware is launched, the image file installs the the payload silently and then it requests the user to authorize changes to the Certificate Trust Settings and to allow a component called spi to modify the network configuration. This will then allow the malware to inject itself to network traffic.

… Read the rest

On Tuesday Microsoft notified users that digital certificates have been compromised for two apps which allowed someone to remotely spoof websites and content.  The issue was that the certificate and private key were the same for anyone who installed these two applications. Which allowed a hacker to decrypt the software’s private key which compromised the security of the windows computers. The certificate became susceptible to attacks like spoofing, phishing, or man-in-the-middle attacks.

November 23, following a vulnerability identified in Sennheiser HeadSetup and HeadSetup Pro, new versions have been made available.

Updating the software to its latest version will rid the software of vulnerable certificates. Additionally, the invalidation by Windows November 27th of the former certificates fully eliminate the possibility to exploit the certificates.

The latest software versions are as follows:

• HeadSetup Pro: v.2.6.8235
• HeadSetup: v.8.1.6114 (for PC) and v. 5.3.7011 (for Mac).

Mac users and Windows users, that

… Read the rest

Crash Skype for Business by sending a large number of emojis 800+ kittens in one message and the client freezes the program for a few seconds. This can be exploited to perform Denial of Service attacks against Skype for Business users and compromises the availability of the program.

How would an attacker go about performing this attack? Well its quite simple, the attacker can continuously send many messages to the chat window and it will freeze the program for all participants in the meeting room and prevent them from using the chat or seeing the video.

 Are you affected?

You could send yourself a few hundred emojis and see if your client freezes but we wouldn’t recommend it. Plus, there is an easier way. Just check if your client is one of these:

• Skype for Business 2016 MSO (16.0.93).64-Bit or before
• Lync 2013 (15.0) 64-Bit part of Microsoft Office Professional

… Read the rest

New reports on not just ransomware but all malware saw massive growth year after year. From SonicWall the cyber-security company detected 45 percent growth of malware infections towards desktops. SoncWall spotted 300,000 new attack variants so far this year. SonicWall’s recently announced Capture Cloud Platform is designed to counter these rising threats.

SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:

• 8.5 billion malware attacks (54 percent increase from 2017)
• 2.9 trillion intrusion attempts (49 percent increase)
• 262.4 million ransomware attacks (108 percent increase)
• 1.9 million encrypted threats (56 percent increase)

In September 2018 alone, the average SonicWall customer faced:

• 1,662 malware attacks (24 percent decrease from July 2017)
• 791,015 intrusion attempts (19 percent increase)
• 56 ransomware attacks (99 percent increase)
• 70.9 encrypted threats (61 percent decrease)
• 10 phishing attacks each day (92 percent decrease)

… Read the rest

There is another large-scale spam campaign going to spread the Emotet banking trojan. The Emotet banking trojan is mostly used as the dropper for other payloads like ICedID, Trickbot, Zeus Panda Banker and a few others. These infections can scan and harvest different types of sensitive information, scan email 180 days back,  have the ability to open firewall ports and it can spread around in the network like a worm.

So how is this infection infiltrate a network? Well this infection comes in as an email with an attachment being a word doc or pdf doc. When you open up the document and click on a link and allow it to run that’s when you have compromised the system and potentially the entire network.

Do you have the best AV around? Sometimes that doesn’t help there are new variants of this Emotet payload being created every day and it can … Read the rest

A brand new botnet which is a variant of the BCMUPnP_Hunter is taking advantage of this 5 year router flaw and 360 Netlab research shows that hundreds and thousands of of bots have already seeded themselves into routers.  This same bot takes advantage of the same vulnerability that was discovered in 2013 (  BroadCom UPnp Vulnerability ).

Once the targeted router has been taken over the hacker can make Proxy changes to the next work profit from scripting simulation clicks and using mail servers like Outlook, Hotmail, and Yahoo mail just to take a few to send massive amounts of spam from your network.

Affected Router Brands Are:

• D-Link,
• Linksys,
• Technicolor router,
• Netgear
• Asus
• Trendnet
• Belkin
• TP-Link,
• ZTE,
• Zyxel,
• NetComm,
• ISP CenturyLink Routers

You may want to look up your router model and see if you are affected. Contact me on Linkedin, Twitter or through email if you need assistance … Read the rest

A New Intel CPU Exploit : As if the Intel CPU couldn’t catch a break. A team of researches discovered a serious side-channel vulnerability in the CPU which could allow the attacker to find protected data like OPENSSL keys, Cypto Keys, Passwords and other processes that are running but only if the CPU has multi-threading feature enabled. They have dubbed the Vulnerability PortSmash (CVE-2018-5407), This Vulnerability is just as dangerous as the Meltdown and Spectre, TLbleed and Foreshadow.

So how do you protect yourself for the PortSmash vulnerability? The only method right now is to disable SMT/Hyper-Threading in the CPU chip’s BIOS until Intel releases security patches.

OpenSSL software is offering users a patch that can prevent the exploit from its own software.

• Tackling Shadow IT: The Unseen Network Security Risk
• How to Spot and Report Cybercrime Effectively
• IT Management Strategies For Startups
• 3 Common Mistakes in IT Operations You Can’t

… Read the rest

The author of Kraken Ransomware has adopted the ransomware-as-a-service (RaaS) Model.  In the Dark Web you can find more details about joining the affiliate program which requires a small fee to be considered a trusted partner. The interesting part about this affiliate program is that you get about 70% to 80% of the earnings and requires little to no knowledge of the criminal of deployment or software coding. The developer gets enough kick back to continue updates to the software code. This means they can afford a bigger Dev Team and instead of updates and revisions of Kraken taking a week or two they can do it within a day or a matter of hours. This put Antivirus providers on their toes day to day. I believe the integration of some sort of AI intelligence must play a roll here to combat these Zero Day ransomware infections. Regardless no matter … Read the rest