Cyber Security Roundup for June 2019
Keep Patching!
June 2019 was another very busy month for security update releases. Microsoft released updates to patch 22 critical rated vulnerabilities, Intel released 11 fixes, and there were also several critical security updates for Apple Airport, Adobe Flash Player, Cisco devices, Cisco Data Centre Network Manager, Dell SupportAssist, Google Chrome, Firefox and Apache. One further standout vulnerability was the “SACK Panic” TCP Linux and FreeBSD kernel vulnerability, uncovered by Netflix researchers, however, Microsoft released a security advisory in regards to TCP SACK Panic by the end of the month.
The National Security Agency (NSA) backed up UK National Cyber Security Centre (NCSC) and Microsoft’s continuing strong recommendations for everyone to apply the latest security updates to all versions of Microsoft Windows, including the unsupported XP, Vista and Windows 2003 Server, to protect against the supercritical CVE-2019-0708 “BlueKeep” vulnerability.
More Major Ransomware Attacks coming to the UK?
We all know the United States government famously takes a stand of no negotiation with terrorists and kidnappers, with the specific policy of never paying ransom demands. There is a good reason for this policy, as paying ransoms just serves to encourage further kidnapping and ransom demands. So it was interesting to learn this month, that US local government does not adhere to the same policy when dealing with ransomware demands. Rivera Beach (Florida) paid a whopping $600,000 ransom to hackers after its computers systems were taken over by ransomware after an employee clicked on a link within a phishing email. Phishing emails are the typical starting ingress of most mass ransomware outbreaks which cripple organisations. The Lake City (Florida) government officials said they had also paid a $460,000 ransom to cybercrooks following a ransomware attack on their municipality on 10th June. Meanwhile, Baltimore officials approved $10 million to cover ongoing expenses related to its ransomware attack.
BLOG
- How can UK Financial Services Organisations Combat the Cyber Threat?
- How organisations can effectively manage, detect and respond to a data breach?
- Blocking DDoS Attacks Using Automation
- UK Security BSides, Mark Your Calendar & Don’t Miss Out
- Cyber Security Roundup for May 2019
NEWS
- UK Police suspend use of Hacked Police Forensics Eurofins
- Riviera Beach, Florida pays $600,000 Ransomware Payment
- Second Florida City hit by Ransomware
- Baltimore approve $10 for Ransomware relief and expects $18 million in damages
- Six Arrested in European heist that netted £21M in Cryptocurrency
- Raspberry Pi used to Steal Data Nasa’s Jet Propulsion Laboratory
- Deliveroo and Just Eat Customers Complain of Fraud
- Data Management Firm Exposed Client Info on Open Amazon S3 buckets
- 5M records exposed by misconfigured MedicareSupplement.com MongoDB
- Silex bricks 2,000 plus IoT devices, the 14-year-old author has bigger plans for botnet
- Microsoft Patches 91 Vulnerabilities, including 22 Critical for Windows, IE, Chakra and Flash Player
- NSA Urges Admins to Patch the BlueKeep Vulnerability on Legacy Versions of Windows
- Adobe Releases Critical Fix for Flash Player
- Intel Release 11 Security Updates
- Cisco announces 26 new vulnerabilities, three Critical
- Cisco Updates include fixes for ‘high’ rated RCE, DoS flaws
- Excel Vulnerable by default as a new flaw, Microsoft’s familiar refrain ‘Disable macros to avoid malware’
- Google Chrome 75 rolls out with 42 Security Fixes
- Firefox Updates address takeover Vulnerability
- Dell SupportAssist bug leaves millions of PCs Vulnerable
- Apache Advisory Addresses incomplete Tomcat Update
- Cisco release Security Updates for Data Center Network Manager
- Apple releases eight updates for AirPort BaseStation bugs
- Palo Alto’s Unit 42 discovered 10 ‘Important’ Microsoft bugs
- Netflix Patches Linux SACK Vulnerability
- Huawei building UK 5G ‘like letting a kleptomaniac into your house’, US ambassador says
- Huawei’s US head of security hints that the company would be open to working with the US government to ease its concerns over cybersecurity
- Facebook stops apps being pre-installed on Huawei phones
- Huawei products riddled with backdoors, zero days and critical vulnerabilities
- The US ‘could ease Huawei sanctions’ if China trade deal advances
- Huawei: We don’t have to cooperate with the Chinese state
- Huawei cancels laptop launch because of US trade blacklist
- Nokia distances itself from boss’s warning over Huawei 5G kit
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- Inside the West’s failed fight against China’s ‘Cloud Hopper’ (APT10) Hackers
- Operation Soft Cell campaign targets cellular telecom providers, points to China’s APT10
- Russian Cyber Spies likely Hijacked Iranian APT34 Turla Group’s Infrastructure to deliver Backdoor
- New ‘BlackSquid’ Malware targets Web Servers and Drives
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/_q95WWYNobA/cyber-security-roundup-for-june-2019.html