Microsoft Releases Security Update for Yammer

Original release date: October 19, 2018

Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.

Trivial Post-Intrusion Attack Exploits Windows RID

Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise.

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

The bugs let hackers crash IoT devices, leak their information, and completely take them over.

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

The flaw affects thousands of servers, but GitHub, a major libssh user, is unaffected.

Oracle Fixes 301 Flaws in October Critical Patch Update

The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

The vendor only plans to patch two of the eight impacted devices, according to a researcher.

On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy

The update also features 23 security fixes.

As End of Life Nears, More Than Half of Websites Still Use PHP V5

Support for PHP 5.6 drops on December 31 – but a recent report found that almost 62 percent of websites are still using version 5.

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.

FBI Releases Article on Defending Against Payroll Phishing Scams

Original release date: October 16, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details. NCCIC encourages users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks …