A critical vulnerability in all Samba versions past 3.5 has been identified that can lead to remote code execution. This vulnerability can be exploited by anyone who has write permissions to a share by writing a library to it. Samba has already released patches for this vulnerability. The IT Security Office recommends that this vulnerability is patched ASAP.
Articles
DocuSign, the company that allows users to electronically sign their documents, has recently been breached, and data about its customers has been exposed. Attackers are now using this information to send out phishing emails to trick unsuspecting users into opening attachments, which leads to the installation of malware. The currently known subject lines of these malicious emails are:
Adobe and Microsoft have released several critical security updates on 7/11/17 to address vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET Framework and Exchange as well as both Adobe Flash Player and Adobe Connect.
Adobe and Microsoft have released a large number of critical security updates on August 8th, 2017, to address 48 different vulnerabilities in Windows, Internet Explorer, Edge, Microsoft SharePoint, Microsoft SQL Server, as well as Adobe Flash Player.
The Windows update corrects a security flaw in the Windows Search Service in both Windows workstations and servers.
Campus Information Security Community,
On April 4th 2017, a group calling themselves The Shadow Brokers released a multitude of tools that were stolen from an NSA hacking group called The Equation Group. Among these sets of tools are Windows attacks against SMBv1, v2 and v3, affecting Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 2008, and Windows 2008r2.
Reports are coming in from Europe that a new form of ransomware called WannaCry/WanaCrypto 2.0 is using the previously patched MS17-010 vulnerability. This vulnerability was part of a 0-day exploit dump released a few weeks ago by a group calling themselves “The Shadow Brokers.” This vulnerability affects SMBv1, SMBv2, SMBv3 in Windows versions XP, 2003, 7, 2008 and 2008r2. Currently the malware is spreading by acting as a worm (A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.
On June 13, 2017, Microsoft released patches for new critical vulnerabilities that have an imminent risk of exploitation. Due to the severity of the vulnerability, Microsoft released patches for both supported and many unsupported versions of Windows. Considering the threat posed by this vulnerability to easily spread throughout campus, the IT Security Office recommends that this vulnerability is patched as soon as practical.
On September 28, 2016, updates were released for bind that prevent the execution of denial of service attacks through specially-crafted queries. More information about this vulnerability and the corresponding patch can be found on Red Hat’s bind security update page.
On September 27, 2016, updates were released for OpenSSL that prevent memory leaks, remote execution of arbitrary code, and the crashing of unpatched implementations through specially-crafted requests. More information about these vulnerabilities and the corresponding patch can be found on Red Hat’s OpenSSL security update page.
On September 22, 2016, Yahoo Inc. gave public notice of a security investigation that uncovered an alleged state-sponsored attack against the company in which attackers were able to obtain the account information of approximately 500 million Yahoo users in late 2014. The information obtained by attackers includes the following:
Recently-disclosed zero-day exploits affecting MySQL and its various forks (including MariaDB and Percona) allow for complete compromise of vulnerable systems.
On September 1, 2016, Apple released a set of security updates for Safari and OS X designed to patch vulnerabilities that allow attackers to perform memory disclosure and code execution on vulnerable OS X hosts. The following operating system versions are affected by these vulnerabilities:
On August 25, 2016, Apple released iOS version 9.3.5 which contains a series of security patches designed to fix vulnerabilities in iPhone, iPad, and iPod devices that allow attackers to disclose the contents of kernel memory and execute arbitrary code with kernel privileges on affected devices.
The following devices are affected by these vulnerabilities:
Enterprise security firm Fortinet is the latest company with a potentially large security breach. Find out if this affects you and what to do to stay protected.
What Happened? According to an anonymous security researcher, code discovered in the FortiOS operating system includes an SSH backdoor that can be used to access the FortiGate firewall networking equipment. This exploit code has been making its rounds on the Internet, helping hackers potentially gain access to the backdoor’s password and thereby allowing remote access control.
The UCLA Information Security Office is providing the campus community with a reminder that several important security patches have recently been made available for commonly-used software including Adobe Flash, Adobe Reader, and Microsoft Windows.
OpenSSL recently released a series of patches that fix six different vulnerabilities, including two high-severity flaws that could allow an attacker to execute malicious code on a web server, as well as decrypt HTTPS traffic between a client and the secure web site(s) hosted by an HTTPS-enabled web server.
It has been brought to our attention that a fraud ring is targeting international students by providing an “alternative” payment option. Several individuals working together have approached foreign students in person and via social media, and offered to pay the student’s tuition with their credit card. In turn, the student gives the person access to their student system account and the person pays using a credit card. Then, the student will pay the person for their bill with a check or wire transfer. The deal for the student is that they pay the person the amount of their bill, minus 5%.
Cisco (ASA/PIX) and Fortinet (FortiGate) have released firmware security patches to address exploits made public this week due to the purported NSA hack.
Cisco rates this newly discovered vulnerability as high because it could allow execution of remote code on affected devices, which would allow full control. The devices affected are listed below:
August's Microsoft Patch Tuesday includes a number of important security updates for Internet Explorer, Office, Edge, and other components of Windows. These patches fix vulnerabilities in Windows systems that allow for remote code execution, privilege escalation, and information disclosure. In total, Microsoft released 9 security updates, 5 of which were rated Critical and 4 of which were rated Important.