Rampant Cybersecurity Bulletin
October 2017
Latest Cybersecurity News
The latest cybersecurity news so that you can stay on top of what is going on in the cybersecurity world. Click titles below for more details.
KRACK WiFi Attack
Kaspersky Antivirus Purged from US Government Systems
CrySiS Ransomware Targeted US Businesses Through Open RDP Ports
BadRabbit Ransomware Hits Ukraine and Russia
Disqus, The Commenting System For News Websites, Confirmed Data Breach Affecting 17.5 Million Users
OWASP Publishes New Top 10 Vulnerabilities List
Previous Cybersecurity Bulletins
Not sure if you are vulnerable? Rampant specializes in vulnerability assessments and penetration testing for small & mid-size businesses!
New High Risk Vulnerabilities
You should be aware of the following vulnerabilities, and we recommend patching them immediately if they apply to your systems. Click titles below for more details.
Microsoft Windows Graphics Component Information Disclosure
Cisco Cloud Services Platform (CSP) 2100 Security Bypass
Microsoft Skype for Business Privilege Escalation
Oracle Fusion Middleware Identity Manager Connector Microsoft Active Directory Unspecified
Microsoft Office Code Execution
Linux Kernel mmu.c Code Execution
Linux Kernel ALSA Sequencer Interface Privilege Escalation
Reported: October 12, 2017
Affected Products: Linux Kernel 4.14-rc4
Details: : A local attacker could gain elevated privileges on the system and execute arbitrary code on the system with elevated privileges.
Solution: Apply patch for the vulnerability, available from Linux Kernel Mailing List.
References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/133342
http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
New Threat Advisories
You should be aware of the following threats and implement the recommended mitigations to ensure your systems are not impacted. Click titles below for more details.
Bad Rabbit Ransomware
Botnet Based LFI Attack
Zero Day Adobe Flash Player Vulnerability Being Used In the Wild
IOTroop Botnet