Microsoft’s July Patch Tuesday updates resolve 77 vulnerabilities in Windows software, including two zero-day vulnerabilities which are being actively exploited and remote code execution vulnerabilities in DHCP Server and MS SQL Server. DHCP Server RCE vulnerability If you have your Microsoft DHCP server configured with a failover server, an attacker can send a specially crafted […]
July patch Tuesday fixes RCE in DHCP Read More »
The June Patch Tuesday updates from Microsoft included a change to the Bluetooth LE stack which could prevent some of your Bluetooth devices from connecting – and you’ll be glad! When vendors publish specifications, such as the one for Bluetooth LE, it is common practice to include some example code to give adopters an idea
June Patch Tuesday breaks Bluetooth – in a good way Read More »
Nansh0u is a crypto-mining attack which has infected 50,000 MSSQL servers since February 2019 It is notable because its primary attack vector is poor SecOps on the part of victims and not a vulnerability per se First detected by security firm Guardicore, Nansh0u was observed infecting some 700 new servers each day. A study of
Nansh0u – anatomy of a cyber attack Read More »
Microsoft included a fix for a serious RDP remote code execution vulnerability known as BlueKeep in the May patch Tuesday update. The vulnerability, which has become known as BlueKeep or CVE-2019-0708, remains unpatched on millions of internet connected systems. It affects all Windows-NT based operating systems ranging from Windows 2000 and Windows XP up to
Bluekeep – critical Windows vulnerability Read More »
LightNeuron is a backdoor specifically designed to target Microsoft Exchange mail servers. It permits attackers to read and reroute all email passing through the server and execute commands on the server hidden in incoming email attachments. A recent paper published by ESET describes how the malware functions and the risks it poses. The researcher says:
LightNeuron malware targets Exchange servers Read More »
Organisations using Office365 are being targeted with an ingenious credential stealing campaign which uses Azure hosting to add legitimacy. First reported by Edgewave, this approach uses fake Office365 login pages which are hosted on Azure. By using Azure Blob Storage to host the html pages, the URL for the malicious webpage is delivered from the
Office365 credential stealing tactics Read More »
Kaspersky has recently published information on what their security products are observing in their clients systems – and the dramatic rise of MS Office as a malware target. In 2016 MS Office was the target of 16% of attacks, behind Android at 19% and web browsers who were the dominant target with 45% of all
MS Office now most targeted malware vector Read More »
Microsoft is changing the way it digitally signs updates to Windows to improve protection against supply chain attacks – ensuring only valid original patches from Microsoft are installed through the Windows update utility. Currently, Windows patches are digitally-signed using both the SHA-1 and SHA-2 algorithms; however, because of known vulnerabilities in the SHA-1 hashing algorithm,
Microsoft improve code-signing on security updates with SHA-2 Read More »
In 2017 MS Office files accounted for just 5% of malicious email attachments – this jumped to 48% by the end of 2018 A recent report by Symantec reveals that Microsoft Office files are increasing used as the delivery mechanism for malicious payloads over email, especially targeting businesses. In 2017 MS Office files accounted for
Microsoft Office files increasing used as attack vector Read More »
The February 2019 Exchange Quarterly updates (https://blogs.technet.microsoft.com/exchange/2019/02/12/released-february-2019-quarterly-exchange-updates/) from Microsoft includes a fix for the NTLM relay vulnerability we reported last week. The fix changes the way Exchange Web Services operates in order to remove the ability for a man in the middle attack to capture and replay the authentication traffic and so escalate their privileges
Microsoft release fix for Exchange NTLM relay vulnerability Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.