Sophos has released technical details and indicators of compromise for the ransomware variant known as Snatch. Researchers have been investigating an ongoing series of ransomware attacks in which the ransomware executable forces the Windows machine to reboot into Safe Mode before beginning the encryption process. The attackers may be using this technique to circumvent endpoint […]
VMware has released security updates to address a critical vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. TTCSIRT encourages users and administrators to review the following release from VMware and apply the necessary solutions: https://www.vmware.com/security/advisories/VMSA-2019-0022.html
Zscaler has reported a phishing campaign that is abusing Appspot.com and Web.app; both legitimate domains associated with Google Cloud. The campaign deploys well-executed landing pages that spoof the two widely used sites. TTCSIRT strongly encourages administrators to review the following report from Zscaler and blacklist the listed domains and URLs: https://www.zscaler.com/blogs/research/phishing-attacks-abusing-appspotcom-and-webapp-domains-google-cloud
Please be advised that VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. TTCSIRT encourages users and administrators to review the following releases from VMware and apply the necessary solutions: VMSA-2019-0020 – VMware ESXi, Workstation, and […]
Intel has released security updates to address 68 vulnerabilities across multiple products. TTCSIRT encourages users and administrators to review the following releases from Intel and apply the necessary security updates: INTEL-SA-00313 – BMC – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html INTEL-SA-00280 – UEFI – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html INTEL-SA-00220 – SGX and TXT – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html INTEL-SA-00240 – Processor Security – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html INTEL-SA-00241 – […]
Today Microsoft’s Patch Tuesday! Microsoft has released their monthly security updates for all supported Windows systems. TTCSIRT encourages users and administrators to update their systems. Visit the following link or more details on the vulnerabilities and issues addressed in this month’s Patch Tuesday: https://portal.msrc.microsoft.com/en-us/security-guidance As a reminder, there are now 69 days until 20/1/20, […]
In light of the ongoing Emotet malware campaign and the reports of threat actors exploiting the BlueKeep vulnerability, TTCSIRT has developed the following response plan in the event your organization becomes infected with ransomware: Isolate the infected computer(s) immediately – Infected systems should be removed from the network as soon as possible to prevent the […]
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TTCSIRT encourages users and administrators to review the following releases from Cisco and apply the necessary solutions. Issues addressed include the following high level vulnerabilities: CVE-2019-15958 – […]
There are confirmed reports that the BlueKeep RDP flaw in Windows based systems is now being actively exploited in the wild. BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol implementation, which allows for the possibility of remote code execution. BlueKeep has the potential to cause significant damage like the […]
Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) is a zero day as it was detected in exploits in the wild. TTCSIRT encourages users and administrators to review the following release […]
