Rampant Cybersecurity Bulletin
September 2017
Latest Cybersecurity News
You should be aware of the following vulnerabilities, and we recommend patching them immediately if they apply to your systems. Click titles below for more details.
Equifax Data Breach: 143 Million US Consumers Affected
Deloitte Data Breach Affected All Company Email And Admin Accounts
NIST Publishes Draft Ransomware Guidelines
Kaspersky Allegedly Stole NSA Cyber Defense Data
Previous Cybersecurity Bulletins
Not sure if you are vulnerable? Rampant specializes in vulnerability assessments and penetration testing for small & mid-size businesses!
New High Risk Vulnerabilities
You should be aware of the following vulnerabilities, and we recommend patching them immediately if they apply to your systems. Click titles below for more details.
Cisco IOS XE REST API Security Bypass
Apache Struts REST Plugin Code Execution
Linux Kernel Bluetooth Stack Buffer Overflow
Microsoft Office Groove Security Bypass
Microsoft Windows Failover DHCP Server Service Code Execution
Microsoft Windows NetBIOS Code Execution
ZTE Microwave NR8000 Series Code Execution
Reported: September 15, 2017
Affected Products: ZTE Microwave NR8000 series
Details: A remote attacker could execute arbitrary code on the system because of Java deserialization in the Java RMI service.
Solution: Upgrade to the latest version as provided on the ZTE website.
References:
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422
https://exchange.xforce.ibmcloud.com/vulnerabilities/132736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10932
New Threat Advisories
You should be aware of the following threats and implement the recommended mitigations to ensure your systems are not impacted. Click titles below for more details.
Ransomware SPAM Campaign
MongoDB Ransom Attacks Affect 26,000 New Databases
Hackers Hid Malware Inside Popular CCleaner Software