Security Month: September 2018
September has been no different from the other months of this year: it too has brought a large number of vulnerability patches. It has been discovered that, out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable a malicious Socks4 proxy, allowing attackers to actively eavesdrop on the targeted network traffic since mid-July. MikroTik RouterOS users are strongly recommended to update their devices and also to check whether the HTTP proxy, Socks4 proxy and network traffic capture functions are being maliciously exploited (for further details follow the link).
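One way to perform the check recommended above offline: the following added example (not from MikroTik or the original post) parses the text of a RouterOS `/export` and flags the three functions the advisory names when they are enabled. The export syntax (a `/menu path` line followed by `set key=value` lines) and the sample values are assumptions; the sample is constructed and contains no real indicators.

```python
import re
from typing import Dict, List

# Constructed sample of a RouterOS `/export`; format assumed, values are not real IoCs.
SAMPLE_EXPORT = """\
# sep/20/2018 10:15:01 by RouterOS 6.40.5
/ip proxy
set enabled=yes port=8080
/ip socks
set enabled=yes port=1080
/tool sniffer
set streaming-enabled=yes streaming-server=198.51.100.23
"""

# Menu path -> setting that means the function is active (the three the advisory names).
WATCHED: Dict[str, Dict[str, str]] = {
    "/ip proxy": {"enabled": "yes"},
    "/ip socks": {"enabled": "yes"},
    "/tool sniffer": {"streaming-enabled": "yes"},
}

def parse_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each '/menu path' line to the key=value pairs of the 'set' lines under it."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and the export header comment
        if line.startswith("/"):
            current = line                # a new menu section begins
            sections.setdefault(current, {})
        elif line.startswith("set ") and current is not None:
            for key, value in re.findall(r'(\S+?)=("[^"]*"|\S+)', line[4:]):
                sections[current][key] = value.strip('"')
    return sections

def find_exposed_services(text: str) -> List[str]:
    """Return 'menu key=value' strings for every watched function found enabled."""
    sections = parse_export(text)
    hits: List[str] = []
    for menu, flags in WATCHED.items():
        settings = sections.get(menu, {})
        hits.extend(f"{menu} {key}={bad}" for key, bad in flags.items()
                    if settings.get(key) == bad)
    return hits

if __name__ == "__main__":
    for hit in find_exposed_services(SAMPLE_EXPORT):
        print("REVIEW:", hit)   # each line is a setting to confirm as intended or disable
```

A hit only means the function is switched on; it still has to be compared against the intended configuration of that router before being disabled.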
Cisco also informed customers that patches are available for over a dozen critical and high-severity vulnerabilities affecting the company’s RV series, SD-WAN, Umbrella and other products.
Two of the announced flaws have been rated “critical” by Cisco. One of them, CVE-2018-0423, is a buffer overflow vulnerability in the web-based management interface of various RV series firewalls and routers. The security hole allows a remote and unauthenticated attacker to cause a denial-of-service (DoS) condition or to execute arbitrary code.
The second flaw assigned a “critical” rating by the networking giant is CVE-2018-0435 and it impacts the Cisco Umbrella API. A remote attacker could leverage the vulnerability to read or modify data across multiple organizations, but exploitation requires authentication. Cisco noted that the bug has been addressed in the API and no user interaction is required to apply the patch (For further details follow the link).
This month’s security updates also patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office, ChakraCore, .NET Framework, Microsoft.Data.OData, ASP.NET, and more.
Four of the security vulnerabilities patched by the tech giant this month have been listed as “publicly known” and more likely to be exploited in the wild at the time of release. Users are strongly advised to apply all security patches as soon as possible to prevent hackers and cybercriminals from taking control of their computers (for details follow the link).
Another important piece of news that hit the cyber world this month is XBash, an all-in-one malware that combines ransomware and cryptocurrency-mining capabilities with a worm-like ability to spread, similar to WannaCry or Petya/NotPetya.
In addition to its self-propagating capabilities, XBash also contains functionality, not yet implemented, that could allow the malware to spread quickly within an organization’s network.
Developed in Python, XBash hunts for vulnerable or unprotected web services and deletes databases such as MySQL, PostgreSQL and MongoDB running on Linux servers as part of its ransomware capabilities (for further details follow the link).