Rampant Cybersecurity Bulletin
November 2017
Latest Cybersecurity News
The latest cybersecurity news so that you can stay on top of what is going on in the cybersecurity world. Click titles below for more details.
Google’s Captcha Broken
Intel Chip Flaws Leave Millions of Devices Exposed
No Patch Available for RCE Bug Affecting Mail Servers
2017 Worst Year On Record for Data Breaches - 305% Increase
Websites Can Use Your CPU to Mine for Cryptocurrency After Browser is Closed
Top Secret NSA and Army Data Leaked Online
Github Introduces Security Alerts
Previous Cybersecurity Bulletins
Not sure if you are vulnerable? Rampant specializes in vulnerability assessments and penetration testing for small & mid-size businesses!
New High Risk Vulnerabilities
You should be aware of the following vulnerabilities, and we recommend patching them immediately if they apply to your systems. Click titles below for more details.
Linux Kernel XFRM Privilege Escalation
Cisco Voice Operating System-Based Products Unauthorized Access
Cisco Firepower 4100 Series NGFW and Firepower 9300 Service Command Execution
Microsoft Excel Code Execution
Microsoft Windows Kernel Privilege Escalation
Apache Hadoop YARN Privilege Escalation
Debian Nginx Package Privilege Escalation
Reported: October 25, 2017
Affected Products: Debian nginx 1.6.2-5+deb8u2
Details: : A local attacker could gain elevated privileges on the system caused by a failure to properly handle log file permissions. An attacker with www-data privileges could obtain root privileges on the target system.
Solution: Refer to Debian Security Advisory – DSA-3701-1 nginx — security update for patch.
References:
https://www.debian.org/security/2016/dsa-3701
https://www.debian.org/security/2016/dsa-3701
New Threat Advisories
You should be aware of the following threats and implement the recommended mitigations to ensure your systems are not impacted. Click titles below for more details.
Ordinypt Ransomware Wipes Disk Instead of Encrypting
New Mirai Variant Scanning With New Exploit
IOTroop Botnet Now Utilizing Reaper Malware
Vault 7 and 8 Release By WikiLeaks